Fake RFC 9700 / draft-ietf-oauth-attestation-based-client-auth client-attestation bypass lure — "verify your app integrity attestation by submitting your client_attestation JWT to our verification endpoint within 24 hours" / "the submitted JWT will be echoed back as a legit attestation token." Sender NOT on the canonical IdP / IETF allowlist (okta.com, auth0.com, microsoft.com, microsoftonline.com, azure.com, login.microsoftonline.com, google.com, accounts.google.com, workspace.google.com, amazon.com, amazonaws.com, awsapps.com, onelogin.com, pingidentity.com, forgerock.com, jumpcloud.com, duo.com, cisco.com, apple.com, icloud.com, ietf.org, rfc-editor.org, oauth.net). Real client attestation is server-to-server during the OAuth client authentication step (client_attestation header on the /token endpoint carrying an attestation JWT signed by the device-attestation provider) — never via inbound email demanding that the user submit a JWT for echo-back verification. Distinct from the R7 PAR family and R8 DPoP-window — this signal is specifically the *attestation-based client auth* bypass pretext (RFC 9700, draft-ietf-oauth-attestation-based-client-auth-09; the user submits a client_attestation JWT to an attacker, who echoes it back as a legit attestation token, bypassing OAuth client authentication). Source: Red-Team R8 multi-agent council S3 (technical-AiTM specialist).
client-attestation-bypass-prompt-lure
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
Fake RFC 9700 / draft-ietf-oauth-attestation-based-client-auth client-attestation bypass-prompt lure targeting OAuth 2.1 / attestation-using enterprise app users and mobile-app developers. The phish narrative arrives as: "Per RFC 9700 OAuth 2.1 BCP, please verify your app integrity attestation by submitting your client_attestation JWT to our verification endpoint within 24 hours. The submitted JWT will be echoed back as a legit attestation token. Action required," or "Per draft-ietf-oauth-attestation-based-client-auth, please submit your client attestation JWT for app-integrity verification within 48 hours. Failure to submit will result in OAuth client authentication being revoked. Mandatory."
The OAuth attestation-based client authentication draft (draft-ietf-oauth-attestation-based-client-auth-09) and RFC 9700 (OAuth 2.1 BCP, Mar 2024) introduce a client-authentication primitive in which the client presents a `client_attestation` JWT, signed by a device-attestation provider (Apple App Attest, Android Play Integrity, hardware TPM), on the /token endpoint. An attacker that captures a valid `client_attestation` JWT can echo it back to the IdP as part of its own OAuth client authentication, bypassing the proof that the legitimate app is the one requesting tokens. The lure tricks the user into submitting their client_attestation JWT to an attacker, who echoes it back as a legit attestation token. Real client attestation is server-to-server during the OAuth client authentication step (`client_attestation` header on the /token endpoint carrying an attestation JWT signed by the device-attestation provider) — never via inbound email demanding that the user submit a JWT for echo-back verification.
Sender NOT on the canonical IdP / IETF allowlist (okta.com, auth0.com, microsoft.com, microsoftonline.com, azure.com, login.microsoftonline.com, google.com, accounts.google.com, workspace.google.com, amazon.com, amazonaws.com, awsapps.com, onelogin.com, pingidentity.com, forgerock.com, jumpcloud.com, duo.com, cisco.com, apple.com, icloud.com, ietf.org, rfc-editor.org, oauth.net). Distinct from the R7 PAR family and R8 DPoP-window — this signal is specifically the *attestation-based client auth* bypass pretext.
Fires when the body contains a match from each of the following four keyword families, ANDed together: (1) attestation vocabulary: client_attestation / "client attestation" / "attestation-based client auth" / "attestation jwt" / "app-integrity attestation/jwt/verification" / RFC 9700 / "draft-ietf-oauth-attestation" / "OAuth 2.1 BCP"; (2) a submit-or-verify call to action: "submit(ting) (your) client_attestation/attestation jwt/app-integrity jwt" / "verify (your) app-integrity/attestation/client_attestation" / "echoed back as (a legit) attestation/client_attestation" / "verification endpoint" / "click below/here to submit/verify"; (3) OAuth context: OAuth (clients/2.0/2.1) / "client (authentication/auth)" / "app integrity" / "client (credentials/attestation)" / "attestation token"; (4) urgency: within N hours/days / 24-48 hours / action required / mandatory / "client (authentication) revoked" / "failure to submit". Excludes the canonical IdP / IETF / OAuth domains listed above. Auto-classified as danger via the `-lure` suffix. Source: Red-Team R8 multi-agent council S3 (technical-AiTM specialist).
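As an added illustration, not Gorganizer's own code (the page does not show its implementation), the following Python sketches the rule described above: the sender domain is checked against the allowlist quoted in the description, the four keyword families are matched against the body and the signal fires only when every family hits AND the sender is not allowlisted. The regex renderings of the phrase lists, the `.example` sender addresses and the sample message bodies are constructed for this example; the two lure bodies reuse the wording quoted in the description, and the benign sample shows why the AND across families matters.

```python
import re

# Canonical IdP / IETF / OAuth allowlist, as listed in the signal description.
ALLOWLIST = {
    "okta.com", "auth0.com", "microsoft.com", "microsoftonline.com", "azure.com",
    "login.microsoftonline.com", "google.com", "accounts.google.com",
    "workspace.google.com", "amazon.com", "amazonaws.com", "awsapps.com",
    "onelogin.com", "pingidentity.com", "forgerock.com", "jumpcloud.com",
    "duo.com", "cisco.com", "apple.com", "icloud.com", "ietf.org",
    "rfc-editor.org", "oauth.net",
}

# The four keyword families the signal ANDs together. These regexes are an
# assumed rendering of the phrase lists in the description, not Gorganizer's.
FAMILIES = {
    "attestation": [
        r"client[_ ]attestation", r"attestation-based client auth",
        r"attestation jwt", r"app[- ]integrity (?:attestation|jwt|verification)",
        r"rfc\s*9700", r"draft-ietf-oauth-attestation", r"oauth 2\.1 bcp",
    ],
    "submit_or_verify": [
        r"submit(?:ting)? (?:your )?(?:client[_ ]attestation|attestation jwt|app[- ]integrity jwt)",
        r"verify (?:your )?(?:app[- ]integrity|attestation|client[_ ]attestation)",
        r"echoed back as (?:a legit )?(?:attestation|client[_ ]attestation)",
        r"verification endpoint",
        r"click (?:below|here) to (?:submit|verify)",
    ],
    "oauth_context": [
        r"\boauth\b", r"client (?:authentication|auth)\b", r"app integrity",
        r"client (?:credentials|attestation)", r"attestation token",
    ],
    "urgency": [
        r"within \d+ (?:hours?|days?)", r"24-48 hours", r"action required",
        r"\bmandatory\b", r"client (?:authentication )?(?:being )?revoked",
        r"failure to submit",
    ],
}


def sender_domain(from_header: str) -> str:
    """Extract the bare domain from a From: header such as 'Name <user@host>'."""
    return from_header.rsplit("@", 1)[-1].strip("> ").lower()


def on_allowlist(domain: str) -> bool:
    """True for an allowlisted domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in ALLOWLIST)


def family_hits(body: str) -> dict:
    """Report which keyword families are present in the body (case-insensitive)."""
    return {
        name: any(re.search(p, body, re.IGNORECASE) for p in patterns)
        for name, patterns in FAMILIES.items()
    }


def evaluate(from_header: str, body: str) -> dict:
    """Apply the signal: all four families present AND sender not allowlisted.
    The evidence is returned alongside the verdict so a multi-module scorer
    can weigh it rather than treating it as a sole decision."""
    domain = sender_domain(from_header)
    allowlisted = on_allowlist(domain)
    hits = family_hits(body)
    return {
        "signal": "client-attestation-bypass-prompt-lure",
        "fires": (not allowlisted) and all(hits.values()),
        "sender_domain": domain,
        "allowlisted": allowlisted,
        "families": hits,
    }


# Constructed sample bodies; the two lures reuse the wording quoted above.
LURE_RFC9700 = (
    "Per RFC 9700 OAuth 2.1 BCP, please verify your app integrity attestation "
    "by submitting your client_attestation JWT to our verification endpoint "
    "within 24 hours. The submitted JWT will be echoed back as a legit "
    "attestation token. Action required."
)
LURE_DRAFT = (
    "Per draft-ietf-oauth-attestation-based-client-auth, please submit your "
    "client attestation JWT for app-integrity verification within 48 hours. "
    "Failure to submit will result in OAuth client authentication being "
    "revoked. Mandatory."
)
BENIGN_NOTE = (
    "Reminder: the mobile team's OAuth client attestation rollout, following "
    "draft-ietf-oauth-attestation-based-client-auth, is scheduled for next "
    "sprint. No action is needed from you."
)

# Constructed (From header, body) pairs; sender addresses use .example domains.
SAMPLES = {
    "lure_rfc9700": ("Security Team <security@oauth-attest-verify.example>", LURE_RFC9700),
    "lure_draft": ("Compliance <compliance@attestation-portal.example>", LURE_DRAFT),
    # Same lure text from an allowlisted domain: the sender exclusion wins.
    "lure_from_allowlisted": ("IETF Announce <announce@ietf.org>", LURE_RFC9700),
    # Attestation vocabulary and OAuth context without a submit/verify demand
    # or urgency: two of four families, so the signal stays quiet.
    "benign_rollout_note": ("Dev Lead <dev-lead@corp.example>", BENIGN_NOTE),
}

if __name__ == "__main__":
    for name, (sender, body) in SAMPLES.items():
        print(name, evaluate(sender, body))
```

The allowlist check treats subdomains of an allowlisted domain as allowlisted but not look-alikes such as `okta.com.evil.example`, which is why the match is anchored on a leading dot rather than a substring search.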
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
Ready to clean your inbox?
Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.
Get started