Evaluation of an OAuth 2.0 Protocol Implementation for Web Server Applications

OAuth 2.0 is one of the protocols that are most commonly implemented as an authorization framework currently. This is because it has many advantages, one of which is its ability to be flexibly implemented on different systems and for different purposes. This work evaluates the implementation of Google's OAuth 2.0 for web server applications. This evaluation indicates that the implementation of Google's OAuth 2.0 protocol may lead to a security flaw that exploits low to medium size web servers. This threat might occur by exhausting the storage resources of the web server and making its applications unavailable. In addition, a number of recommendations are made to help protect against this type of threat when an OAuth 2.0 authorization protocol is implemented on web application servers.