Key takeaways from the OAuth security workshop in Zürich

Posted 2017-07-21 by Vladimir Dzhuvinov

The 2017 OAuth Security Workshop at the ETH in Zürich was packed with useful talks. Here are the key takeaways.

Best practices for native OAuth apps

Check out the best practices for OAuth apps, presented by John Bradley and William Denniss. The slides are based on the formal BCP document that is being edited the OAuth WG.

Are you developing native apps that require OAuth? The AppAuth libraries developed by the great community at OpenID support Android, iOS as well as NativeJS.

John also updated us on the upcoming SafariViewController changes in iOS 11 and that we'll have to rely on SFAuthenticationSession instead, in order to achieve SSO between apps and the system browser.

OAuth for JavaScript apps

Jacob Ideskog presented a nice framework for simplifying OAuth and OpenID Connect integration in JavaScript apps. The app can obtain the tokens it needs by simply posting a message to an iframe loaded from the authorisation server / IdP.

OAuth is becoming the new "password"

The proliferation of OAuth 2.0 applications, even to areas like finance, means we must take greater care to secure tokens, through their entire lifecycle -- how they are obtained, relayed and consumed. Deployments are also turning more dynamic. This means the basic OAuth 2.0 framework (RFC 6749) published in 2012 is no longer adequate. Security must be enhanced, across the board.

We need more science, i.e. formal analysis, in protocol design

The design of security protocols, like TLS, has been treated like art for a long time. But that's not good enough. We need more science, meaning formal analysis, to be confident that the desired security properties of the protocols we craft are actually met, and critical bits don't get overlooked.

  • David Basin from the ETH demonstrated the power of formal analysis tools, used for example, to uncover a terrible security omission in the ISO/IEC 9798 protocol.

  • Cas Cremers made a reassuring presentation that formal analysis has been taken up by the TLS 1.3 working group, to good effect. The whole Internet security relies on TLS, so we must seek to have total confidence in the protocol.

  • Daniel Fett, Ralf Kuesters, and Guido Schmitz from Uni Stuttgart presented their in-depth analysis of OpenID Connect and the conclusion that within their formal model, the protocol is secure. This is great news!

Crypto: Validate all EC keys that you deal with

Antonio Sanso presented the invalid curve attack and how it can lead to JWE ECDH exploits. The lesson: Always validate the curves of EC keys you're dealing with. In the Nimbus JOSE+JWT library we now perform these validations at EC JWK construction time, even before any crypto operations are attempted with them.