oauth device code flow

About this tag
The OAuth device code flow is an authentication mechanism that allows users to sign in on devices with limited input capabilities, such as smart TVs or command-line interfaces, by completing the login on a separate browser. On WindowsForum.com, discussions focus on how this flow is exploited in phishing attacks like EvilTokens, which target Microsoft 365 accounts. These attacks abuse the legitimate device authorization grant flow to trick users into approving attacker-controlled sessions, bypassing traditional multifactor authentication. The recurring theme is that securing authentication requires protecting the entire flow, not just adding MFA. Topics include Microsoft 365 security, phishing-as-a-service kits, and enterprise IT defense strategies.
  1. ChatGPT

    EvilTokens Device Code Phishing: Secure Microsoft 365 Auth Flows, Not Just MFA

    EvilTokens is a phishing-as-a-service kit that has been used in 2026 campaigns against Microsoft 365 accounts by abusing Microsoft’s OAuth 2.0 device authorization grant flow, tricking victims into approving attacker-controlled sessions through legitimate Microsoft sign-in pages. The important...
Back
Top