When an electronic commerce (EC) site authenticates users, it may do so through a so-called social login, in which the user signs in with a social media account such as Facebook, Google, or Twitter. In such a case, the website uses OAuth and OpenID Connect. However, a website's implementation might raise privacy concerns or be vulnerable to attacks. In this paper, by crawling the login pages of 500 Japanese EC sites and tracing the authentication flows, we investigate the implementation status of social logins and their security against cross-site request forgery. We observed 28 websites that acquired more user permissions from the SNS than necessary, or were vulnerable as a result of improper implementation.
CITATION STYLE
Saito, T., Kikuta, T., & Koshiba, R. (2020). How Securely Are OAuth/OpenID Connect Implemented in Japan? In Lecture Notes in Networks and Systems (Vol. 97, pp. 800–811). Springer. https://doi.org/10.1007/978-3-030-33506-9_73