Get remediation support for nOAuth
In June 2023, Descope disclosed an authentication implementation flaw that can affect Microsoft Azure AD multi-tenant OAuth applications. If you believe your app is impacted, fill in the form and our security team will reach out to you.
Understanding nOAuth
If an app uses “Log in with Microsoft” as an authentication method and chooses the “email” claim as the unique identifier for the user, attackers can exploit this implementation and perform account takeover. Learn how the attack works, its impact, and remediation guidelines below.
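As an added illustration (not Descope's code), the sketch below contrasts account lookup keyed on the "email" claim with lookup keyed on the "iss" and "sub" claims, the pair OpenID Connect defines as the stable user identifier. The store classes, issuer URLs and claim values are constructed for the example, and the tokens are assumed to have passed signature validation already.

```python
# Constructed ID-token claims from two different issuers and subjects
# that carry the same email value (sample data, not real tenants).
FIRST_LOGIN = {"iss": "https://login.example/tenant-a/v2.0",
               "sub": "subject-A", "email": "user@example.com"}
SECOND_LOGIN = {"iss": "https://login.example/tenant-b/v2.0",
                "sub": "subject-B", "email": "user@example.com"}


class AccountStore:
    """Hypothetical in-memory account table; subclasses choose the key."""

    def __init__(self):
        self.accounts = {}

    def key_for(self, claims):
        raise NotImplementedError

    def login(self, claims):
        # Return the existing account for this key, or create a new one.
        key = self.key_for(claims)
        account = self.accounts.setdefault(
            key, {"id": len(self.accounts) + 1,
                  "contact_email": claims.get("email")})
        return account["id"]


class EmailKeyedStore(AccountStore):
    """Flawed pattern described above: email is the unique identifier."""

    def key_for(self, claims):
        return claims["email"].lower()


class SubjectKeyedStore(AccountStore):
    """Hardened pattern: identity is (iss, sub); email is only an attribute."""

    def key_for(self, claims):
        if not claims.get("iss") or not claims.get("sub"):
            raise ValueError("token lacks iss/sub; refuse to map it to an account")
        return (claims["iss"], claims["sub"])


def compare():
    """Log both identities into each store and return the account ids."""
    weak, strong = EmailKeyedStore(), SubjectKeyedStore()
    weak_ids = (weak.login(FIRST_LOGIN), weak.login(SECOND_LOGIN))
    strong_ids = (strong.login(FIRST_LOGIN), strong.login(SECOND_LOGIN))
    return weak_ids, strong_ids


if __name__ == "__main__":
    print(compare())
```

With the email key, both identities resolve to the same account; with the issuer and subject key, they stay separate.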
nOAuth demo video
Watch this 3-min demo video to see how nOAuth can be exploited to perform account takeover on any app that incorrectly implements "Log in with Microsoft".