DRD25. To request user permission for OAuth, identify relying party and its permissions scope
Under Construction
This guideline is under construction.
To request OAuth user permission for information held by a service provider, present a dialog box to the user that identifies the relying party (who is asking) and the scope of the permissions it requests (what it will be able to access), before the authorization request is sent.
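The following is an added illustration of the guideline, written for this page and not taken from the CERT page or the cited papers. It assumes the Android app is the relying party and that it uses the OAuth 2.0 authorization code flow (RFC 6749); the client identifier, redirect URI, authorization endpoint, scope names and dialog wording are placeholders. The point it demonstrates is that the text shown to the user and the `scope` parameter actually sent are built from the same list, so the dialog cannot silently under-state what is requested, and that nothing is sent until the user accepts.

```java
import android.app.Activity;
import android.app.AlertDialog;
import android.content.Intent;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;

import java.security.SecureRandom;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Added example for DRD25 (not from the CERT page). Before the user is sent to
 * the service provider's authorization endpoint, the relying party shows who
 * is asking and exactly which scopes it will request, and it builds the
 * authorization request from that same scope list.
 */
public final class OAuthConsentPrompt {

    // Placeholder values: a real app uses its registered client_id, its
    // registered redirect URI and the provider's documented endpoint.
    private static final String AUTHORIZATION_ENDPOINT = "https://provider.example/oauth2/authorize";
    private static final String CLIENT_ID = "PLACEHOLDER_CLIENT_ID";
    private static final String REDIRECT_URI = "com.example.app:/oauth2redirect";

    // Requested scopes mapped to the wording shown to the user. Keeping the
    // dialog text and the request in one structure prevents them drifting apart.
    private static final Map<String, String> REQUESTED_SCOPES = new LinkedHashMap<>();
    static {
        REQUESTED_SCOPES.put("profile", "Read your public profile (name and picture)");
        REQUESTED_SCOPES.put("email", "Read your primary e-mail address");
    }

    private OAuthConsentPrompt() {}

    /** Shows the consent dialog; the authorization request is sent only if the user accepts. */
    public static void requestUserPermission(final Activity activity, final String relyingPartyName) {
        StringBuilder message = new StringBuilder();
        message.append(relyingPartyName).append(" is asking for permission to:\n\n");
        for (String description : REQUESTED_SCOPES.values()) {
            message.append("\u2022 ").append(description).append('\n');
        }
        message.append("\nYou will be sent to ")
               .append(Uri.parse(AUTHORIZATION_ENDPOINT).getHost())
               .append(" to sign in.");

        new AlertDialog.Builder(activity)
                .setTitle("Allow " + relyingPartyName + " access?")
                .setMessage(message.toString())
                .setPositiveButton("Allow", (dialog, which) -> {
                    String state = newStateToken();
                    // A real app persists `state` and checks it against the
                    // redirect before accepting any authorization code.
                    activity.startActivity(new Intent(Intent.ACTION_VIEW,
                            buildAuthorizationUri(state)));
                })
                .setNegativeButton("Deny", (dialog, which) -> dialog.dismiss())
                .setCancelable(true)
                .show();
    }

    /** Builds the authorization request (RFC 6749 section 4.1.1) from the displayed scope list. */
    static Uri buildAuthorizationUri(String state) {
        String scope = TextUtils.join(" ", REQUESTED_SCOPES.keySet());
        return Uri.parse(AUTHORIZATION_ENDPOINT).buildUpon()
                .appendQueryParameter("response_type", "code")
                .appendQueryParameter("client_id", CLIENT_ID)
                .appendQueryParameter("redirect_uri", REDIRECT_URI)
                .appendQueryParameter("scope", scope)
                .appendQueryParameter("state", state)
                .build();
    }

    /** 128-bit random, URL-safe state value that binds the redirect back to this request. */
    static String newStateToken() {
        byte[] bytes = new byte[16];
        new SecureRandom().nextBytes(bytes);
        return Base64.encodeToString(bytes, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
    }
}
```

Call `OAuthConsentPrompt.requestUserPermission(this, getString(R.string.app_name))` from an `Activity` before starting the flow. Because `REQUESTED_SCOPES` is the single source for both the dialog and the `scope` query parameter, a reviewer can confirm that what the user consented to is what was requested by reading one map; the `state` value is the standard RFC 6749 protection against a redirect that does not belong to this request.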
Noncompliant Code Example
This noncompliant code example shows an application that
Non-compliant code
TBD
Compliant Solution
In this compliant solution the application
Compliant code
TBD
Risk Assessment
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| DRD25 | Medium | Probable | No | No | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
Bibliography
| [Chen 14] | Chen, E., Pei, Y., Chen, S., Tian, Y., Kotcher, R., & Tague, P. OAuth Demystified for Mobile Application Developers. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). |
| [IETF OAuth1.0a] | Internet Engineering Task Force (IETF). OAuth Core 1.0 Revision A. http://oauth.net/core/1.0a/ |
| [IETF OAuth2.0] | Internet Engineering Task Force (IETF). The OAuth 2.0 Authorization Framework (RFC 6749). http://tools.ietf.org/html/rfc6749 |