English

Mitigating CSRF attacks on OAuth 2.0 and OpenID Connect

Cryptography and Security 2018-01-25 v1

Abstract

Many millions of users routinely use their Google, Facebook and Microsoft accounts to log in to websites supporting OAuth 2.0 and/or OpenID Connect-based single sign on. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance, and it has been widely examined both in theory and in practice. Unfortunately, as these studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect.

Keywords

Cite

@article{arxiv.1801.07983,
  title  = {Mitigating CSRF attacks on OAuth 2.0 and OpenID Connect},
  author = {Wanpeng Li and Chris J Mitchell and Thomas Chen},
  journal= {arXiv preprint arXiv:1801.07983},
  year   = {2018}
}

Comments

18 pages, 3 figures

R2 v1 2026-06-22T23:54:10.063Z