Closed mipnw closed 6 years ago
PR Submitted
Xamarin.Auth Issue
OAuth2Authenticator checks for forgeries only sometimes. In Implicit Grant the state is returned via a fragment, not a query, and it doesn't get checked against the expected state, leaving the app vulnerable to CSRF.
I have a fix. I'll submit a pull request shortly.
Version
-nuget version = 1.6.0.1
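The check the issue describes as missing can be sketched as follows. This is an added example, not Xamarin.Auth code and not the submitted fix; `RedirectStateCheck`, `IsStateValid` and the sample redirect URLs are hypothetical. It reads `state` from both the query and the fragment of the redirect and rejects the response unless it matches the value the client generated.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class RedirectStateCheck   // hypothetical helper, not part of Xamarin.Auth
{
    // Parse form-encoded "a=1&b=2" into a dictionary; the first value wins on duplicates.
    static Dictionary<string, string> Parse(string encoded)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in encoded.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            var key = Uri.UnescapeDataString(kv[0].Replace('+', ' '));
            var value = kv.Length > 1 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : "";
            if (!result.ContainsKey(key)) result[key] = value;
        }
        return result;
    }

    // True only when the redirect carries a state equal to the one this client generated.
    public static bool IsStateValid(Uri redirect, string expectedState)
    {
        var query = Parse(redirect.Query.TrimStart('?'));        // authorization code flow
        var fragment = Parse(redirect.Fragment.TrimStart('#'));  // implicit grant
        bool inQuery = query.TryGetValue("state", out var q);
        bool inFragment = fragment.TryGetValue("state", out var f);
        if (!inQuery && !inFragment) return false;           // a missing state is a failure
        if (inQuery && inFragment && q != f) return false;   // conflicting values
        var returned = Encoding.UTF8.GetBytes(inFragment ? f : q);
        var expected = Encoding.UTF8.GetBytes(expectedState);
        // Constant-time comparison (System.Security.Cryptography, .NET Core 2.1 or later).
        return CryptographicOperations.FixedTimeEquals(returned, expected);
    }

    static void Main()
    {
        // Constructed redirects; the host, tokens and state values are made up.
        const string expected = "k3Jq9x";
        var cases = new[] {
            "https://app.example/cb#access_token=abc&state=k3Jq9x",  // implicit, matching state
            "https://app.example/cb#access_token=abc&state=forged",  // implicit, forged state
            "https://app.example/cb#access_token=abc",               // implicit, state absent
            "https://app.example/cb?code=xyz&state=k3Jq9x",          // code flow, matching state
        };
        foreach (var c in cases)
            Console.WriteLine($"{IsStateValid(new Uri(c), expected),-5} {c}");
    }
}
```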