9Nis
Risks associated with a compromised external Security token server
Consider the following architecture:
An on-premises Web API 2 [written in C#, hosted in IIS] which uses OAuth 2 authentication [Implicit Flow] to secure itself. This API acts as the data source for external apps [currently an Angular 9 app…