You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
oauth device code flow
About this tag
The OAuth device code flow is an authentication mechanism that allows users to sign in on devices with limited input capabilities, such as smart TVs or command-line interfaces, by completing the login on a separate browser. On WindowsForum.com, discussions focus on how this flow is exploited in phishing attacks like EvilTokens, which target Microsoft 365 accounts. These attacks abuse the legitimate device authorization grant flow to trick users into approving attacker-controlled sessions, bypassing traditional multifactor authentication. The recurring theme is that securing authentication requires protecting the entire flow, not just adding MFA. Topics include Microsoft 365 security, phishing-as-a-service kits, and enterprise IT defense strategies.
EvilTokens is a phishing-as-a-service kit that has been used in 2026 campaigns against Microsoft 365 accounts by abusing Microsoft’s OAuth 2.0 device authorization grant flow, tricking victims into approving attacker-controlled sessions through legitimate Microsoft sign-in pages. The important...