A project summarizing the history, the workings and the various changes in the OAuth protocol.
This is a project for the 'Security of Service-Oriented Architectures' course at the University of Milan. It explores in depth the history, functionality, and changes across the various versions of the OAuth protocol.
The first part analyzes OAuth 1.0, covering its protocol entities, flow, message exchange and authorization methods, and reviews some possible vulnerabilities of the protocol.
The second part of the presentation examines OAuth 2.0, focusing on its simplified workflow, its new protocol roles and entities, and the new types of authorization grants. It also highlights the differences and changes from the older version, providing insights into the security aspects of a secure protocol implementation.
The third and final part of the project describes the latest draft of version 2.1 (draft-ietf-oauth-v2-1-09 at the time of writing), exploring the six major changes from version 2.0 and analyzing them from a security standpoint.
- Project's PDF (in the repository)
- Google Slides