OAuthShield: Efficient Security Checking for OAuth Service Provider Implementations

2021
OAuth protocols have been widely adopted to simplify user authentication and service authorization for third-party applications. However, little effort has been devoted to automatically checking the security of the libraries that service providers widely use. In this paper, we formalize the OAuth specifications and security best practices, and design OAuthShield, an automated static analyzer, to find logical flaws and identify vulnerabilities in the implementation of OAuth authorization server libraries. To efficiently detect OAuth violations in a large codebase, OAuthShield employs a demand-driven algorithm for answering queries about OAuth specifications. To demonstrate the effectiveness of OAuthShield, we evaluate it on ten popular OAuth libraries that have millions of downloads. Among these high-profile libraries, OAuthShield has identified 47 vulnerabilities from ten classes of logical flaws, 24 of which were previously unknown. Our findings were acknowledged by the developers of six libraries, and three CVEs were accepted.