A survey on OAuth protocol for security
Keywords: OAuth 2.0, Security Vulnerabilities, Authentication.
The Web is a dangerous place. For every service and every API, there are clients who would love simply to get through the different layers of security you have raised. OAuth 2.0 is one of the most powerful open standard authorization protocols available to API developers today. Most of the popular social network APIs, such as those of Google, Twitter and Facebook, use the OAuth 2.0 protocol to improve the user experience of signing on and social sharing. The authorization code may be leaked during transmission, which can then lead to its misuse. This paper uses an attacker model to study the security vulnerabilities of the OAuth protocol. The experimental results on the Google API show that some common attacks, such as phishing, replay and impersonation, may be possible against this protocol.
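The leaked-code misuse and replay described above are what Proof Key for Code Exchange (PKCE, RFC 7636) and single-use codes are designed to defeat. The following is an added example, not code from the paper: a toy client-side PKCE pair generator and a minimal stand-in authorization server (the `AuthorizationServer` class and its method names are assumptions for illustration) that refuses a stolen code presented without the matching verifier, by another client, or a second time.

```python
import base64
import hashlib
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for PKCE values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Client side: a high-entropy code_verifier and its S256 code_challenge.
    Only the challenge travels in the (observable) authorization request."""
    verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


class AuthorizationServer:
    """Hypothetical stand-in for the authorization server's code store."""

    def __init__(self):
        self._codes = {}  # authorization code -> (code_challenge, client_id)

    def issue_code(self, client_id: str, code_challenge: str) -> str:
        """Bind a freshly issued code to the challenge and the requesting client."""
        code = b64url(secrets.token_bytes(16))
        self._codes[code] = (code_challenge, client_id)
        return code

    def exchange(self, client_id: str, code: str, code_verifier: str):
        """Token endpoint. Returns a token string, or None on any failure."""
        # pop() makes the code single-use: a replayed code is already gone,
        # and a failed attempt also consumes it, as RFC 6749 recommends.
        entry = self._codes.pop(code, None)
        if entry is None:
            return None
        challenge, owner = entry
        if owner != client_id:
            return None  # code stolen and presented by a different client
        expected = b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
        if not secrets.compare_digest(expected, challenge):
            return None  # eavesdropper has the code but not the verifier
        return "access-token-" + b64url(secrets.token_bytes(8))  # constructed
```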