Mitigating CSRF attacks on OAuth 2.0 and OpenID Connect
Cryptography and Security
2018-01-25 v1
Abstract
Many millions of users routinely use their Google, Facebook and Microsoft accounts to log in to websites supporting OAuth 2.0 and/or OpenID Connect-based single sign on. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance, and it has been widely examined both in theory and in practice. Unfortunately, as these studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect.
Keywords
Cite
@article{arxiv.1801.07983,
title = {Mitigating CSRF attacks on OAuth 2.0 and OpenID Connect},
author = {Wanpeng Li and Chris J Mitchell and Thomas Chen},
journal= {arXiv preprint arXiv:1801.07983},
year = {2018}
}
Comments
18 pages, 3 figures