← LibraryTechnique entry
AUTH-OIDC-SCOPEPrivilege Escalation
OIDC Scope Confusion / Mix-Up
Provider returns a token issued for a different RP / scope — overly trusting RP accepts it. The 2016 'IdP Mix-Up' attack family.
§ Where this technique fits
AUTH-OIDC-SCOPE is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.