Abstract
Many millions of users routinely use Google, Facebook and Microsoft to log in to websites supporting OAuth 2.0 and/or OpenID Connect. The security of OAuth 2.0 and OpenID Connect is therefore of critical importance. Unfortunately, as previous studies have shown, real-world implementations of both schemes are often vulnerable to attack, and in particular to cross-site request forgery (CSRF) attacks. In this paper we propose a new and practical technique which can be used to mitigate CSRF attacks against both OAuth 2.0 and OpenID Connect.
Original language | English |
---|---|
Title of host publication | 16th Annual Conference on Privacy, Security and Trust (PST) |
Publisher | IEEE Xplore |
Pages | 1-5 |
DOIs | |
Publication status | Published - 2018 |
Externally published | Yes |