[Sign In] Quick and Dirty OAuth 2.0 Sign In with 1 RP - "OAuth 2.0 code flow abuse" #13
Description
Web application RP1 offers sign in/sign up functionality for users of identity provider IDP1, abusing OAuth2 (eg conducting an OAuth2 authorization code flow, attempting an API call with the resulting access token and considering the user signed in eg creating a session cookie if the call succeeds).
Ignoring how IDP1 authenticates the user, apart from the fact that successful auth results in a cookie in IDP1 domain.
Notable: the user agent doesn't see any user info, all exchanges occur server side.