数字化办公场景下，企业普遍采用 OAuth2.0、OIDC 协议打通多业务系统身份互通，用户无需重复提交账号密码，通过一次性授权完成跨应用资源访问，大幅提升系统集成效率。设备码授权流作为 OAuth2.0 标准扩展，专为无输入能力的智能电视、打印机、IoT 终端设计，用户通过移动端网页输入短验证码完成身份校验；授权码流程、跳转重定向机制则支撑网页、移动端第三方登录业务。但 2026 年全球威胁情报 ...

阿里妹导读文章内容基于作者个人技术实践与独立思考，旨在分享经验，仅代表个人观点。一、背景与问题在闪购搜索团队的日常工作中，我们需要频繁地进行搜索问题排查、性能分析、实验管理等操作。这些操作分散在多个平台（SLS日志、TPP实验平台、代码仓库等），效率 ...

The FBI has issued a public service announcement warning about a new phishing kit that's stealing Microsoft OAuth tokens at an alarming rate. OAuth token theft is a serious headache for organizations ...

Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms. An OAuth token with wide access ...

Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational accounts at scale. While traditional device ...

The Java ecosystem has historically been blessed with great IDEs to work with, including NetBeans, Eclipse and IntelliJ from JetBrains. However, in recent years Microsoft's Visual Studio Code editor ...

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, ...

Microsoft has warned that phishers are exploiting a built-in behavior of the OAuth authentication protocol to redirect victims to malware, using links that point to legitimate identity provider ...

Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and ...

OAuth2 Exchange is a Java library that provides a bunch of functionalities for exchanging authorization code for an access token in OAuth2 Authorization Code Flow. It consists of templates and ...