OAuth2.0, Misconfigured, Web Applications, Open Redirection.
OAuth2.0 is widely used by online service providers worldwide. OAuth security-related headlines appear from time to time, and mishandling of the protocol has caused many problems. OAuth verifies the user's identity for the requested website without revealing the password to that website. When a web application accepts untrusted input that causes the request to be redirected to a URL taken from that input, open redirects and forwards become possible. The user-agent redirection mechanism in OAuth is a weak link because it is hard for developers and operators to correctly read, understand and implement all the subtle but significant requirements. In this discussion, we begin by identifying the security community's understanding of OAuth redirection threats. The current state of the OAuth requirements, as well as the best practice in circulation, will be discussed. We introduce new OAuth redirection attack techniques that exploit the interaction of URL parsing issues with redirection handling in major browsers and mobile applications. In particular, these techniques allow attackers to hijack third-party app accounts, gain access to sensitive personal information, or take special actions on behalf of affected users.
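The following is an added example, not taken from the original text: a `redirect_uri` check that an authorization server could apply, showing a weak prefix comparison beside a hardened exact-match form that also returns a reason for logging. The client id, URIs and function names are hypothetical, and the sample inputs are constructed.

```python
from urllib.parse import urlsplit

# Constructed registration data; the client id and URIs are hypothetical.
REGISTERED = {"client-123": {"https://app.example.com/oauth/callback"}}

def naive_check(client_id, redirect_uri):
    """Weak form: accepts anything that starts with a registered origin."""
    for reg in REGISTERED.get(client_id, ()):
        p = urlsplit(reg)
        if redirect_uri.startswith(f"{p.scheme}://{p.netloc}"):
            return True
    return False

def strict_check(client_id, redirect_uri):
    """Hardened form: returns (allowed, reason) so rejections can be logged."""
    # Characters that different URL parsers are known to treat differently.
    if any(c in "\\@#" or not 0x21 <= ord(c) <= 0x7E for c in redirect_uri):
        return False, "ambiguous character"
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False, "unparseable"
    if parts.scheme != "https" or not parts.hostname:
        return False, "scheme or host"
    # Byte-for-byte comparison with the registered value, no normalisation.
    if redirect_uri not in REGISTERED.get(client_id, ()):
        return False, "not an exact match"
    return True, "ok"

# Constructed sample inputs.
SAMPLES = [
    "https://app.example.com/oauth/callback",
    "https://app.example.com.attacker.example/cb",
    "https://app.example.com@attacker.example/cb",
    "https://app.example.com/oauth/callback/../../other",
]

def compare(client_id="client-123"):
    """Run both checks over the samples: (uri, naive_result, strict_result)."""
    return [(u, naive_check(client_id, u), strict_check(client_id, u))
            for u in SAMPLES]

if __name__ == "__main__":
    for uri, naive, strict in compare():
        print(f"{uri!r}: naive={naive} strict={strict}")
```

The prefix comparison accepts all four inputs, while the exact-match form accepts only the registered value.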