> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth / OIDC misconfig

> redirect_uri validado por substring → https://app.com/callback?attacker=evil.com o redirect_uri=https://attacker.evil.com/app.com/.

# OAuth / OIDC misconfig

<p className="glossary-answer">redirect\_uri validado por substring → [https://app.com/callback?attacker=evil.com](https://app.com/callback?attacker=evil.com) o redirect\_uri=[https://attacker.evil.com/app.com/](https://attacker.evil.com/app.com/).</p>

**Categoría:** [Web · Vectores avanzados](/glosario)

🎯 **Trinchera** — `redirect_uri` validado por substring →
`https://app.com/callback?attacker=evil.com` o
`redirect_uri=https://attacker.evil.com/app.com/`. Token leak por
referer, stored XSS, abierto open redirect = takeover de la víctima
si hace click.

🔗 **Kill chain** — Cadena clásica: open redirect en SSO → robo de
authorization code → exchange → ID token + access token.
**Variantes 2024**: PKCE downgrade, abuse de `response_mode=fragment`
para robar token vía XSS en el redirector.

📡 **Huella defensiva** — Volumen de auth requests con redirect\_uri
no estándar, tokens emitidos hacia callbacks atípicos.

⚠️ **Falso amigo** — Implementar PKCE no protege si el redirect\_uri
está mal validado.

🛡️ **Remediación** — Allowlist exacto de redirect\_uri (incluyendo
path), enforzar HTTPS, PKCE obligatorio en clients públicos,
state parameter unique-per-flow.

***

← [Volver al glosario completo](/glosario)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"OAuth / OIDC misconfig","description":"redirect_uri validado por substring → https://app.com/callback?attacker=evil.com o redirect_uri=https://attacker.evil.com/app.com/.","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Glosario táctico de pentesting","url":"https://rootea.es/glosario"},"url":"https://rootea.es/glosario/oauth-oidc-misconfig"}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Inicio","item":"https://rootea.es"},{"@type":"ListItem","position":2,"name":"Glosario táctico","item":"https://rootea.es/glosario"},{"@type":"ListItem","position":3,"name":"OAuth / OIDC misconfig","item":"https://rootea.es/glosario/oauth-oidc-misconfig"}]}`}
</script>

*Última actualización: 2026-06-11*
