Please consider if it would be possible to abuse the use of `.Contains()` when verifying the `RedirectUri`
https://github.com/Shoogn/OAuth20Server/blob/dev/Server/src/OAuth20.Server/Services/AuthorizeResultService.cs#L95
I'm thinking about a scenario such as `&redirectUri=https://hackers-are-us.com/pwned/?foo=https://my-legit-domain.com/oauth/callback`
PS. I love your work and I'm going to start using this server in my Unit Tests.
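
The concern raised above, as an added example that is not part of the original issue and not code from OAuth20Server: a substring check next to an exact, ordinal comparison, run over the URL from the report. The class, method names and the registered URI list are hypothetical, and the substring check assumes the request value is tested for containing a registered URI.

```csharp
using System;
using System.Linq;

public static class RedirectUriCheck
{
    // Constructed sample registration (assumption, not the project's data).
    private static readonly string[] Registered =
    {
        "https://my-legit-domain.com/oauth/callback"
    };

    // Substring match: passes whenever a registered URI appears anywhere
    // in the request value, including inside a query string parameter.
    public static bool IsAllowedByContains(string requested) =>
        requested != null && Registered.Any(r => requested.Contains(r));

    // Exact match: the request value must be an absolute URI and equal a
    // registered URI character for character (ordinal, case-sensitive).
    public static bool IsAllowedByExactMatch(string requested)
    {
        if (!Uri.TryCreate(requested, UriKind.Absolute, out _))
            return false;
        return Registered.Any(r =>
            string.Equals(r, requested, StringComparison.Ordinal));
    }

    public static void Main()
    {
        var samples = new[]
        {
            // Registered callback, unchanged.
            "https://my-legit-domain.com/oauth/callback",
            // URL from the issue: registered callback embedded in a query string.
            "https://hackers-are-us.com/pwned/?foo=https://my-legit-domain.com/oauth/callback"
        };

        foreach (var s in samples)
        {
            Console.WriteLine(s);
            Console.WriteLine($"  Contains: {IsAllowedByContains(s)}");
            Console.WriteLine($"  Exact:    {IsAllowedByExactMatch(s)}");
        }
    }
}
```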