2Ağu
OpenID Connect Web Message Response Mode and XSS
When using the web message response mode spec with OpenID Connect for silent authentication, what prevents an attacker leveraging an XSS attack from registering a "message" listener and intercepting authorization messages (a code…