English

OAuth 2.0 authorization using blockchain-based tokens

Cryptography and Security 2020-01-29 v1

Abstract

OAuth 2.0 is the industry-standard protocol for authorization. It facilitates secure service provisioning, as well as secure interoperability among diverse stakeholders. All OAuth 2.0 protocol flows result in the creation of an access token, which is then used by a user to request access to a protected resource. Nevertheless, the definition of access tokens is transparent to the OAuth 2.0 protocol, which does not specify any particular token format, how tokens are generated, or how they are used. Instead, the OAuth 2.0 specification leaves all these as design choices for integrators. In this paper, we propose a new type of OAuth 2.0 token backed by a distributed ledger. Our construction is secure, and it supports proof-of-possession, auditing, and accountability. Furthermore, we provide added-value token management services, including revocation, delegation, and fair exchange by leveraging smart contracts. We realized a proof-of-concept implementation of our solution using Ethereum smart contracts and the ERC-721 token specification.

Keywords

Cite

@article{arxiv.2001.10461,
  title  = {OAuth 2.0 authorization using blockchain-based tokens},
  author = {Nikos Fotiou and Iakovos Pittaras and Vasilios A. Siris and Spyros Voulgaris and George C. Polyzos},
  journal= {arXiv preprint arXiv:2001.10461},
  year   = {2020}
}

Comments

NDSS Workshop on Decentralized IoT Systems and Security (DISS), San Diego, CA, USA, 2020

R2 v1 2026-06-23T13:23:10.367Z