Securing Mobile SSO Over OAuth2 -- Trust No One!
A recent paper, "Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0", describes a seemingly new security flaw in the implementation of single sign-on over OAuth 2. As an API developer, should you be worried? You may be wondering if you're affected and how to mitigate the issue. Indeed, you might not even be sure what the issue is.