Common attacks
Now that we've looked at some security best practices to keep your application secure, let's take a look at some common attacks against OAuth 2.0 clients that you should be aware of. We will also examine the mitigation techniques you can use to protect your application from such attacks.
Cross-site request forgery (CSRF)
Cross-site request forgery is a powerful attack that has been gaining popularity with attackers in recent years. It involves tricking users into following a malicious link that performs an undesirable action on a trusted site without their knowledge, making use of their pre-existing sessions with that site.
For instance, imagine a user has just logged into their bank in their favorite web browser. Now, in another tab, they open an e-mail from a malicious user with a link that says "See cats here!" which leads to http://www.catloversheaven.com/.
This site is owned by the attacker and, while the user is browsing cute cat pictures, in the...
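The attack described above works because the trusted site cannot tell a request the user meant to make from one a forged link made on their behalf. For an OAuth 2.0 client, the standard defence is the `state` parameter: the client generates an unguessable value, binds it to the user's session before redirecting to the authorization server, and accepts the callback only if the echoed value matches. The following is an added example, not code from this book, showing that check in a minimal client; the endpoint, client ID and redirect URI are placeholder values, and the session is modelled as a plain dictionary.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder settings for the example; not taken from the book.
AUTHORIZE_ENDPOINT = "https://auth.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example/callback"

STATE_KEY = "oauth_state"  # key under which the state is kept in the user's session


def build_authorization_url(session: dict) -> str:
    """Start the authorization code flow for the user who owns `session`.

    A fresh, unguessable `state` value is generated, stored in the user's
    server-side session, and sent along with the authorization request.
    The authorization server echoes it back unchanged on the redirect.
    """
    state = secrets.token_urlsafe(32)
    session[STATE_KEY] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> Optional[str]:
    """Process the redirect back to the client.

    Returns the authorization code only when the `state` in the callback
    matches the one bound to this user's session. A request that carries a
    different state, no state at all, or a state the session never issued
    (which is what a forged link looks like) is rejected. The stored value
    is removed before comparison so that it can be used only once.
    """
    query = parse_qs(urlparse(callback_url).query)
    received_state = query.get("state", [None])[0]
    expected_state = session.pop(STATE_KEY, None)
    if expected_state is None or received_state is None:
        return None
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(expected_state, received_state):
        return None
    return query.get("code", [None])[0]
```

The important property is that the state lives in the user's own session on the client and nowhere the attacker can read it, so a link crafted in advance cannot carry a value that will match; popping it on first use also prevents a captured callback from being replayed.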