Security evaluation of the OAuth 2.0 framework

Ferry, Eugene; O'Raw, John; Curran, Kevin

doi:10.1108/ics-12-2013-0089

Cited by 25 publications

(13 citation statements)

References 19 publications

(18 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…OAuth2. OAuth server works by authenticating and authorizing (Ferry, Raw, & Curran, 2015;Jung & Jung, 2017). If both processes are successful, the client will be given a token code by the OAuth server.…”

Section: The Protocol Of Oauth2mentioning

confidence: 99%

Integrated Email Management System Based Google Application Programming Interface Using OAuth 2.0 Authorization Protocol

Musliyana¹,

Satira

Dwipayana

et al. 2020

EKW

View full text Add to dashboard Cite

: Google Apps is a service provided by Google that allows users to use Google products with their own domain names. Among the products offered by Google Apps are email (Gmail), Docs (Google Drive), and Classroom services. In addition, Google Apps also provides Application Programming Interface (API) services that can be used by developers to take advantage of various features provided by Google. Universitas Ubudiyah Indonesia (UUI) is one of the universities that use Google Apps service for managing student emails. At present, UUI student email management through Google Apps is still not integrated with academic information system data. As a result, UUI must allocate special resources for managing student emails manually. Based on these problems, this study proposes an integration system for UUI student email management using the Google Apps API. This system is designed using PHP programming. The Google Apps API authentication method uses OAuth 2.0. The results of this study indicate that student email management on Google Apps can be done through campus academic information systems. With this system, students can activate email independently without having to be registered manually to the Google Apps page by the campus email managers.Abstrak : Google Apps adalah sebuah layanan yang disediakan oleh Google yang memungkinkan pengguna dapat menggunakan produk google dengan nama domain sendiri. Di antaranya produk yang disediakan Google Apps yaitu layanan email (Gmail), dokumen (Google Drive), dan Classroom. Selain itu, Google Apps juga menyediakan layanan Application Programming Interface (API) yang dapat dimanfaatkan oleh pengembang untuk memanfaatkan berbagai layanan yang disediakan oleh Google. Universitas Ubudiyah Indonesia (UUI) merupakan salah satu universitas yang menggunakan layanan Google Apps untuk pengelolaan email mahasiswa. Saat ini pengelolaan email mahasiswa UUI melalui Google Apps masih belum terintegrasi dengan data sistem informasi akademik. Akibatnya UUI harus mengalokasikan sumber daya khusus untuk mengelola email mahasiswa secara manual. Berdasarkan permasalahan tersebut penelitian ini mengusulkan sistem integrasi pengelolaan email mahasiswa UUI menggunakan API Google Apps. Sistem ini dirancang menggunakan pemograman PHP. Metode autentikasi API Google Apps menggunakan OAuth 2.0. Hasil penelitian ini menunjukkan pengelolaan email mahasiswa pada Google Apps dapat dilakukan melalui sistem informasi akademik kampus. Dengan adanya sistem ini mahasiswa dapat melakukan aktivasi email secara mandiri tanpa harus didaftarkan secara manual ke halaman Google Apps oleh pengelola email kampus.

show abstract

Section: The Protocol Of Oauth2mentioning

confidence: 99%

Integrated Email Management System Based Google Application Programming Interface Using OAuth 2.0 Authorization Protocol

Musliyana¹,

Satira

Dwipayana

et al. 2020

EKW

View full text Add to dashboard Cite

show abstract

“…OAuth is an open authorization standard that allows users to grant an OAuth client application to access the resource stored in the OAuth server without sharing their credentials (Ferry, Raw, & Curran, 2015). OAuth is one of the popular token-based authentications that allows users to access the applications by logging on their existing accounts such as Facebook, Twitter and Google.…”

Section: Learning Management Systemsmentioning

confidence: 99%

Educational Reward Information Communication Api (Eric Api): A Preliminary Study Result

Kuo

Chen

et al. 2019

RPD

View full text Add to dashboard Cite

Educational Resource Information Communication (ERIC) API is used to connect two separate systems while keeping both systems working independently without leaking users’ privacy data. This research uses ERIC API to integrate an educational reward system called Trading Card Game with Moodle, a famous open-source learning management system. When students authorize Moodle to dispatch the rewards (i.e., in-game cards) for completing learning activities (e.g., assignments and quizzes) to their account in the Trading Card Game, Moodle will no information about the credentials that they have in the Trading Card Game. This research conducts a pilot study to understand whether or not students are satisfying with having the API to integrate Moodle and Trading Card Game. The results not only show that ERIC API is acceptable for students but also provide researchers and teachers support of evidence to having a reward system into their learning management system.

show abstract

“…The papers that we found to have security incidents in this category [11][12][13][14][15][16][17] widely report on a Cross-Site-Request-Forgery (CSRF) attack that capitalises on a weak SP vulnerability. The OAuth specification outlines things the SP must do to resist CSRF attacks, which some SPs do not do.…”

Section: Oauthmentioning

confidence: 99%

“…The OAuth specification outlines things the SP must do to resist CSRF attacks, which some SPs do not do. In fact, five of the seven OAuth papers analysed reported this vulnerability [11,[13][14][15][16] on the implementations of OAuth. It was found that these security incidents were possible because of the implementations of the protocol themselves rather than fundamental problems with the OAuth protocol.…”

Section: Oauthmentioning

confidence: 99%

“…It was found that these security incidents were possible because of the implementations of the protocol themselves rather than fundamental problems with the OAuth protocol. All five papers suggested solutions to be implemented by the relevant providers -such as proposals to attempt to bind authorisation requests to browsers -and Ferry et al [13] reported that the CSRF attack had been addressed immediately upon the report.…”

Section: Oauthmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Security Analysis in Federated Identity Management

Simpson

Groß

2016

Privacy and Identity Management. Facing Up to Next Steps

View full text Add to dashboard Cite

HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract

Security evaluation of the OAuth 2.0 framework

Cited by 25 publications

References 19 publications

Integrated Email Management System Based Google Application Programming Interface Using OAuth 2.0 Authorization Protocol

Integrated Email Management System Based Google Application Programming Interface Using OAuth 2.0 Authorization Protocol

Educational Reward Information Communication Api (Eric Api): A Preliminary Study Result

A Survey of Security Analysis in Federated Identity Management

Contact Info

Product

Resources

About