An Authorization Framework with OAuth for FinTech Servers


Göçer B. D., BAHTİYAR Ş.

2019 4th International Conference on Computer Science and Engineering (UBMK), Samsun, Turkey, 11 - 15 September 2019, pp.536-541

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/ubmk.2019.8907182
  • City: Samsun
  • Country: Turkey
  • Page Numbers: pp.536-541
  • Keywords: Authorization, OAuth, FinTech, Security, Vulnerability

Abstract

OAuth is used by many FinTech applications for authorization purposes, and there are many implementations of the OAuth protocol. Some of these implementations do not implement the OAuth specifications correctly. This creates critical vulnerabilities in FinTech applications, which in turn have a negative impact on FinTech companies. In this paper, we have analyzed 18 authorization servers that are used by FinTech applications. We have selected and analyzed resource servers (more than 100 applications) that use these OAuth servers to find their vulnerabilities. We have found some vulnerabilities in the flow of OAuth implementations. We propose a framework to reduce the implementation vulnerabilities in the flow. Our analysis results show that the proposed framework will help developers reduce the most common vulnerabilities in the OAuth flow.