A Comprehensive Formal Security Analysis of OAuth 2.0
Association for Computing Machinery (ACM) via YouTube
AI, Data Science & Cloud Certificates from Google, IBM & Meta
Live Online Classes in Design, Coding & AI — Small Classes, Free Retakes
Overview
Syllabus
Intro
Our Contributions
Formal Analysis of Web Applications and Standards
Sources
Web Model
Web Browser Model
Limitations
Previous Work
OAuth Modes
Multiple IdPs
Authorization Property
Authentication Property
Session Integrity Property
Attacks: Overview
307 Redirect Attack
IdP Mix-Up Attack in implicit Mode
IdP Mix-Up Attack: Mitigation
Impact
Proof: Assumptions
Session Integrity: Network Attacker
OAuth 2.0: Security Proof
Some Related Work
Taught by
ACM CCS