Nat Sakimura proposes applying the Basin-Cremers-Meier (BCM) principles to strengthen the OAuth 2.0 authorization code grant protocol against network attackers. The BCM principles aim to ensure cryptographic message components uniquely identify their origin and include identities and roles of all agents. Sakimura analyzes how the original OAuth messages satisfy the BCM principles poorly by lacking unique identifiers and integrity protection. He suggests modifications like adding unique redirect URIs, signing requests and responses, and including state/transaction binding IDs to better satisfy the principles and secure OAuth against network attackers.

1. Nomura Research Institute
#osw17
Future Proofing the OAuth 2.0 Authorization
Code Grant Protocol by the application of BCM
Principles
July 14, 2017
Nat Sakimura
Nomura Research Institute

2. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
Nat Sakimura
(Co-)Author of:
 OpenID Connect Core 1.0
 JSON Web Token [RFC7519]
 JSON Web Signature [7515]
 OAuth PKCE [RFC7636]
 OAuth JAR [forthcoming]
 Etc.
(Co-)Editor of:
 ISO/IEC 29184 Guidelines for online notice and consent
 ISO/IEC 29100 AMD: Privacy Framework
 ISO/IEC 27551 Requirements for attribute based
unlinkable entity authentication
 Etc.
• Research Fellow,
Nomura Research Institute
• Chairman of the Board,
OpenID Foundation
• Chair, Financial API WG
• Head of Japanese delegation to
ISO/IEC JTC 1/SC 27/WG5
• Liaison Officer SC 27/WG5 --
OECD/SPDE
• https://nat.Sakimura.org
• @_nat_en (English)
• @_nat (Japanese)
• Linked.in/natsakimura
• https://www.linkedin.co
m/in/natsakimura
• https://ja.wikipedia.org/
wiki/崎村夏彦
.. and an amateur flutist
(https://youtu.be/3gTCQhTcXL0)

3. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
BCM Principles
P1 Positional tagging. Cryptographic
message components should contain
information that uniquely identities
their origin. In particular, the
information should identify the
protocol, the protocol variant, the
message number, and the particular
position within the message, from
which the component was sent.
P2 Inclusion of identities and their roles.
Each cryptographic message
component should include information
about the identities of all the agents
involved in the protocol run and their
roles, unless there is a compelling
reason to do otherwise.
3 Criteria
(a)Unique Source
Identifier
(b)Protocol + version +
msg identifier
(c)Full list of actor/roles
Basin, D., Cremers, C., Meier, S.: Provably Repairing the ISO/IEC 9798
Standard for Entity Authentication. Journal of Computer Security - Security and Trust
Principles archive Volume 21 Issue 6, 817-846 (2013)
(a)
(b)
(c)

4. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
Let’s apply!
4
Let’s Play!

5. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
RFC6749 OAuth – code grant protocol msgs
Authorization Request
Authorization Response
Token Request
Token Response
Assume:
 a network attacker as (e.g. Browser malware)
the crypto & TLS are not broken
pure RFC6749 – Three parties static OAuth 2.0
5
UA
Clien
t
AS

6. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
So, how is RFC6749 (Naïve implementation) doing?
Message Parameters (a) Unique
Source Identifier
(b) Protocol +
version identifier
(c) Full list of
actor/roles
Authorization
Request
response type
client id
redirect uri
scope
state
Authorization
Response
code
state
other extension
parameters
Token Request grant type
code
redirect uri
client
credential/client id
.
Token Response access token
token_type
expires_in
refresh_token
others
6
Combination of
parameters are unique
for each message type =
(b) Good!
Legend
Required Parameter
Optional Parameter
Recommended Parameter
But the good ends here.

7. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
So, how is RFC6749 (Naïve implementation) doing?
Message Parameters (a) Unique
Source Identifier
(b) Protocol +
version identifier
(c) Full list of
actor/roles
Authorization
Request
response type
client id
redirect uri
scope
state
Client ID is not
globally unique.
Tampering
possible
List of params as
identifier, but it is
not integrity
protected
No.
Authorization
Response
code
state
other extension
parameters
No source
identifier
As above No
Token Request grant type
code
redirect uri
client
credential/client id
Client ID is not
globally unique.
OK (as long as
there is no OAuth
3.0)
No.
Token Response access token
token_type
expires_in
refresh_token
others
No source
identifier
As above No.
7

8. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
8
It’s a sad
state.

9. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
Could be tightened up
Message Parameters (a) Unique
Source Identifier
(b) Protocol +
version identifier
(c) Full list of
actor/roles
Authorization
Request
response type
client id
redirect uri
scope
state
Unique redirect
URI + Client ID
Request signing (a) + state as the
UA identifier /
TBID as UA
identifier
Authorization
Response
code
state
other extension
parameters
Unique redirect
URI
Response signing (a) + client_id +
state as the UA
identifier / TBID as
UA identifier
Token Request grant type
code
redirect uri
client
credential/client id
Unique redirect
URI + Client ID
OK (as long as
there is no OAuth
3.0)
(a) + state as the
UA identifier /
TBID as UA
identifier
Token Response access token
token_type
expires_in
refresh_token
others
Unique redirect
URI
As above (a) + client_id +
state as the UA
identifier / TBID as
UA identifier
9

10. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
Integrity protect the AuthZ Request/Response
• draft-ietf-oauth-jwsreq aka
OAuth JAR
AuthZ
Request
• Use ID Token as a
dethatched signature.
• Include new parameter
`s_hash` in the ID Token.
AuthZ
Response
10

11. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
Comparison
Message Original
Parameters
Modified Parameters Original Integrity
Protection
Modified Integrity
Protection
Authorization
Request
response type
client id
redirect uri
scope
state
response type
client id
redirect uri (uniqeue)
scope
state/tbid
None JAR
Authorization
Response
code
state
extension
params
code
state
redirect uri (uniqeue)
client id
state/tbid
extension params
None ID Token + s_hash
Token Request grant type
code
redirect uri
client cred/id
grant type
code
redirect uri (uniqeue)
client cred/id
state/tbid
TLS TLS
Token Response access token
token_type
expires_in
refresh_token
others
access token
token_type
expires_in
refresh_token
others
TLS TLS
11

12. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
BCM Principles Satisfied!
12

13. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
13

14. © 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
14
Science
needed!