Security Analysis of Real-Life OpenID Connect Implementations
In this Master's thesis, Christian Fries presents a lab environment for developers and penetration testers to uncover security flaws in real-world OpenID Connect Certified Service Provider and Identity Provider implementations.
In addition, the paper describes common threats and attack scenarios, including single- and cross-phase attacks on relying parties such as token substitution, key confusion and replay attacks. OpenID provider attacks such as message flow confusion, PKCE downgrade and sub claim spoofing are also covered.
→ Read the Paper (.pdf)
OpenID Connect Security Considerations
This paper by security researchers at Ruhr-University Bochum examines OpenID Connect specification flaws and implementation issues that open up attack vectors. The authors outline common attack scenarios such as session overwriting, redirect URI manipulation and token recipient confusion, and give defense recommendations for each.
This concise technical report is a great source of inspiration for anyone planning to conduct any form of OIDC pen-testing.
→ Read the Paper (.pdf)