OAuth 2.0 V51 - Sanity Check Comments/Suggestions for v.5.0 #2621

Open
csfreak92 opened this issue Feb 18, 2025 · 6 comments
Labels
1) Discussion ongoing: Issue is opened and assigned but no clear proposal yet
5) awaiting PR: A proposal has been accepted and reviewed and we are now waiting for a PR
Community needed: This issue will not be progressed without community input. Will be closed if stale.
V51: Group issues related to OAuth
WG wanted: We are looking for input from leaders/WG
_5.0 - rc1

Comments

@csfreak92
Collaborator

Chapter V51 - OAuth 2.0

Here are a few things I observed reviewing this chapter for v.5.0 for sanity check related to #2582:

V51.7 Consent Management
Needs a paragraph describing this section, for consistency across all subsections in ASVS.

I also saw some requirements that need some grammatical changes which I will reference in this issue in a PR later.

@tghosth tghosth added 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V51 Group issues related to OAuth _5.0 - rc1 labels Feb 19, 2025
@csfreak92
Collaborator Author

For this intro paragraph, I am not sure what must be written here. I would lean on the folks who are more expert in this set of requirements for their PR.

@csfreak92 csfreak92 added Community needed This issue will not be progressed without community input. Will be closed if stale. WG wanted We are looking for input from leaders/WG labels Mar 3, 2025
@tghosth
Collaborator

tghosth commented Mar 10, 2025

@randomstuff @TobiasAhnoff @elarlang could you go through the chapter and section text in chapter V51 to make sure it is ok? As Ralph says, I think this needs the expertise of those who are most familiar with it.

@elarlang
Collaborator

The last one (V51.7) requires some section text, but otherwise, all 3 of us have worked with the text, and from my point of view, it makes sense to have external eyes on that.

If there is no further action to be expected from this issue, it can be closed. Parallel reviews are in place anyway.

@tghosth
Collaborator

tghosth commented Mar 10, 2025

So can someone add for 51.7 and then we can close this?

@randomstuff
Contributor

Maybe something like:

These requirements cover the verification of the user's consent by the authorization server. Without proper user consent verification, a malicious actor could easily obtain permissions on the user's behalf through spoofing or social engineering.

@elarlang
Collaborator

@randomstuff please open the PR

@elarlang elarlang added the 5) awaiting PR A proposal has been accepted and reviewed and we are now waiting for a PR label Mar 11, 2025
4 participants