W-OAUTH-IMPLICIT / Credential Access

OAuth — Implicit Flow Token Leak

Access token returned in the URL fragment — referrer / browser-history / window.location leaks let an attacker capture it.

§ Where this technique fits

W-OAUTH-IMPLICIT is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry.