OAuth is an open security standard that enables users to grant an application specific, time-bound rights to access protected user resources stored on external resource servers, without needing to share their credentials with the application. Unlike websites, for locally installed packaged web applications the main security challenge is handling the redirect response. The OAuth flow initiated from packaged web apps is similar to the OAuth flows explained in the current literature. However, because these apps are locally installed, it is difficult to define an HTTP endpoint as the redirection endpoint. The authors propose a novel method to execute the OAuth flow from such applications with the help of a web runtime framework that manages the life cycle of these applications. They compare their approach with two other existing approaches. In their experiments, they found that their approach blocks all illegal OAuth flow executions. The approach also delivers better OAuth response handling time and power consumption performance.