[1] Hardt D, Ed. The OAuth 2.0 Authorization Framework [S]. Fremont: Internet Engineering Task Force (IETF), 2012.
[2] Jones M. The OAuth 2.0 Authorization Framework: Bearer Token Usage [S]. Fremont: Internet Engineering Task Force (IETF), 2012.
[3] Sakimura N, Bradley J, Jones M, et al. OpenID Connect Core 1.0 incorporating errata set 1 [S]. San Ramon: OpenID Foundation (OIDF), 2014.
[4] Jones M. JSON Web Token (JWT) [S]. Fremont: Internet Engineering Task Force (IETF), 2015.
[5] Cahill Conor P, Hughes J, Lockhart H, et al. Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0 [S]. Burlington: Organization for the Advancement of Structured Information Standards (OASIS), 2005.
[6] Lodderstedt T, Ed. OAuth 2.0 Threat Model and Security Considerations [S]. Fremont: Internet Engineering Task Force (IETF), 2013.
[7] 陈君, 张生. 基于OAuth单点登录系统的安全性分析和评估[J]. 电子科技, 2017, 30(9):165-168.
[8] Wang R, Chen S, Wang X, et al. Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services[C]// Symposium on Security and Privacy. Piscataway, NJ: IEEE, 2012: 365-379.
[9] Zhou Y, Evans D. SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities[C]// Usenix Security Symposium. Berkeley: USENIX, 2014.
[10] Chen E Y, Pei Y, Chen S, et al. OAuth Demystified for Mobile Application Developers[C]// Conference on Computer and Communications Security. New York: ACM, 2014:892-903.
[11] Wang H , Zhang Y , Li J , et al. The Achilles heel of OAuth: a multi-platform study of OAuth-based authentication[C]// Annual Computer Security Applications Conference. Piscataway, NJ: IEEE, 2016: 167-176.
[12] Facebook. Manually Build a Login Flow [EB/OL]. [2018-12-11]. https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow.
[13] Yang R, Li G, Lau W C, et al. Model-based Security Testing:An Empirical Study on OAuth 2.0 Implementations[C]// Computer and Communications Security. Piscataway, NJ: IEEE, 2016:651-662.
[14] Luo T, Hao H, Du W, et al. Attacks on WebView in the Android system[C]// Computer Security Applications Conference. New York: ACM, 2011:343-352.
[15] Mohsen F, Shehab M. Hardening the OAuth-WebView Implementations in Android Applications by Re-Factoring the Chromium Library[C]// International Conference on Collaboration and Internet Computing. Piscataway, NJ: IEEE, 2017.
[16] Wang R, Xing L, Wang X F, et al. Unauthorized origin crossing on mobile platforms:threats and mitigation[C]// ACM Sigsac Conference on Computer & Communications Security. New York: ACM, 2013:635-646.
[17] Yang R, Lau W C, Shi S. Breaking and Fixing Mobile App Authentication with OAuth 2.0-based Protocols[C]// Applied Cryptography and Network Security. New York: Springer, 2017:313-335.
[18] Wang H, Zhang Y, Li J, et al. Vulnerability Assessment of OAuth Implementations in Android Applications[C]// Computer Security Applications Conference. New York: ACM, 2015:61-70.
|