DRD25. To request user permission for OAuth, identify relying party and its permissions scope

Under Construction

This guideline is under construction.

To request OAuth user permission for information from a service provider, present a dialogue box to the user that identifies the relying party's information and the scope of its permissions.

Noncompliant Code Example

This noncompliant code example shows an application that

TBD

Compliant Solution

In this compliant solution the application

TBD

Risk Assessment

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
DRD25-J	Medium	Probable	Medium

Automated Detection

Bibliography

[Chen 14]	OAuth Demystified for Mobile Application Developers
[IETF OAuth1.0a]	Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.
[IETF OAuth2.0]	Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.

Space shortcuts

Page tree

Noncompliant Code Example

Compliant Solution

Risk Assessment

Automated Detection

Bibliography