Standard method of submitting the required parameters for the authorization request

So far, we've looked at the standard method of submitting the required parameters for the authorization request, that is, via the query string. Some OpenID providers give you the option to pass these in as a JSON web token (JWT) instead. If this feature is supported, you can send a single request_uri parameter pointing to a JSON web token that contains the rest of the OAuth parameters and their values. Depending on the configuration of the OAuth service, this request_uri parameter is another potential vector for SSRF.

You may also be able to use this feature to bypass validation of these parameter values. Some servers may effectively validate the query string in the authorization request, but may fail to adequately apply the same validation to parameters in a JWT, including the redirect_uri.

To check whether this option is supported, you should look for the request_uri_parameter_supported option in the configuration file and documentation. Alternatively, you can just try adding the request_uri parameter to see if it works. You will find that some servers support this feature even if they don't explicitly mention it in their documentation.
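
A server-side sketch of the two checks this section implies, added here as an example and not taken from the original page or any particular OAuth server: an exact-match allowlist applied before request_uri is fetched, and one validator applied to the merged parameters. CLIENT, the function names and the URLs are assumptions, and the JWT is assumed to be fetched and signature-verified elsewhere.

```python
from urllib.parse import urlsplit

# Constructed client registration (hypothetical values for illustration).
CLIENT = {
    "client_id": "demo-client",
    "redirect_uris": {"https://client.example/callback"},
    "request_uris": {"https://client.example/requests/login.jwt"},
}

class RequestRejected(Exception):
    """Raised when an authorization request fails validation."""

def check_request_uri(client, request_uri):
    """Decide whether the server may fetch request_uri at all (SSRF guard)."""
    if urlsplit(request_uri).scheme != "https":
        raise RequestRejected("request_uri must use https")
    # Exact match against pre-registered values; no prefix or host matching.
    if request_uri not in client["request_uris"]:
        raise RequestRejected("request_uri is not registered for this client")
    return request_uri

def validate_params(client, params):
    """The one validator applied to every source of parameters."""
    if params.get("client_id") != client["client_id"]:
        raise RequestRejected("client_id mismatch")
    if params.get("redirect_uri") not in client["redirect_uris"]:
        raise RequestRejected("redirect_uri is not registered")
    return params

def flawed_params(client, query, request_object=None):
    """The mistake described above: check the query, then merge unchecked claims."""
    merged = dict(validate_params(client, query))
    merged.update(request_object or {})
    return merged

def effective_params(client, query, request_object=None):
    """Merge first, then validate what the server will actually act on.

    request_object is the claims dict of a JWT whose signature was already
    verified (assumed to happen elsewhere). Its claims override the query.
    """
    merged = dict(query)
    merged.update(request_object or {})
    return validate_params(client, merged)
```
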
