{"version": "https://jsonfeed.org/version/1", "title": "/dev/posts/ - Tag index - oauth", "home_page_url": "https://www.gabriel.urdhr.fr", "feed_url": "/tags/oauth/feed.json", "items": [{"id": "http://www.gabriel.urdhr.fr/2025/07/08/keycloak-uma-vulnerabilities/", "title": "Keycloak UMA vulnerabilities", "url": "https://www.gabriel.urdhr.fr/2025/07/08/keycloak-uma-vulnerabilities/", "date_published": "2025-07-08T00:00:00+02:00", "date_modified": "2025-07-08T00:00:00+02:00", "tags": ["computer", "protocol", "web", "security", "oauth", "keycloak", "security", "uma", "openid-connect"], "content_html": "<p>Keycloak's UMA implementation seems tricky to me.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/03/18/uma-malicious-as/", "title": "Malicious authorization server attack in UMA\u00a02.0", "url": "https://www.gabriel.urdhr.fr/2025/03/18/uma-malicious-as/", "date_published": "2025-03-18T21:23:51+01:00", "date_modified": "2025-03-18T21:23:51+01:00", "tags": ["computer", "protocol", "web", "security", "oauth", "uma"], "content_html": "<p>In a <a href=\"https://www.gabriel.urdhr.fr/2025/03/18/uma-pass-the-permission-token/\">previous post</a>,\nI described a pass-the-permission-ticket vulnerability in UMA\u00a02.0\nin which a malicious UMA resource server\ncould kindly ask a UMA client\nto give it access tokens actually intended for another UMA resource server.\nIn this post,\nI am describing a similar attack when the authorization server is malicious.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2025/03/18/uma-pass-the-permission-token/", "title": "Pass-the-permission-ticket vulnerability in UMA\u00a02.0", "url": "https://www.gabriel.urdhr.fr/2025/03/18/uma-pass-the-permission-token/", "date_published": "2025-03-18T21:23:50+01:00", "date_modified": "2025-03-18T21:23:50+01:00", "tags": ["computer", "protocol", "web", "security", "oauth", "uma"], "content_html": "<p>In the <a href=\"https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html\">User-Managed Access</a> (UMA) 2.0 protocol,\na malicious resource server (or a malicious server acting as a resource server)\ncan obtain a requesting party (access) token (RPT)\nintended for another UMA resource server\nfrom a UMA client\nby passing a permission ticket obtained from the target resource server to the UMA client.\nThis can compromise the privacy (confidentiality)\nand integrity of UMA protected resources.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2024/06/17/uma2-diagrams/", "title": "UMA 2.0 diagrams", "url": "https://www.gabriel.urdhr.fr/2024/06/17/uma2-diagrams/", "date_published": "2024-06-17T00:00:00+02:00", "date_modified": "2024-06-17T00:00:00+02:00", "tags": ["computer", "protocol", "web", "security", "oauth", "uma"], "content_html": "<p>Some diagrams (mostly sequence diagrams) about UMA 2.0.</p>\n"}, {"id": "http://www.gabriel.urdhr.fr/2023/02/06/oauth2-diagrams/", "title": "OAuth 2.x and OpenID Connect sequence diagrams", "url": "https://www.gabriel.urdhr.fr/2023/02/06/oauth2-diagrams/", "date_published": "2023-02-06T00:00:00+01:00", "date_modified": "2026-01-09T11:59:47+01:00", "tags": ["computer", "protocol", "web", "security", "oauth", "openid-connect", "keycloak"], "content_html": "<p>Some sequence diagrams about OAuth 2.x and OpenID Connect.</p>\n"}]}