AUTH-OIDC-IMPLICIT · Credential Access

OIDC Implicit Flow Token Leak

Access token returned in URL fragment — leaks via Referer, browser history, third-party scripts, postMessage.

§ Where this technique fits

AUTH-OIDC-IMPLICIT is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.