PKCE vs Dynamic Client Registration for public clients

The RFC recommends to use PKCE for web (public client)/native apps. It’s not stated that Dynamic Client Registration (DCR) is bad but it’s not stated as an alternative either. I am wondering if there is any negative aspect of the DCR that i am overlooking.

I would say that the biggest difference between the two is the fact that PKCE is much easier to implement with less bookkeeping while offering about the same protections as DCR.

Looking through the use cases defined in the DCR specification, it looks like the use case of native app or SPA app is included.

Is there a reason why is not included in the best practices? Which use case is ideal to use the DCR?

OAuth2 – Sending a hash of your client_secret when using the client credentials grant instead of the secret

I’m working on an API that I’d like to be accessible internally by other servers as well as devices that I consider both as confidential private clients. Devices are considered private clients because the client_secret is stored in an encrypted area that prevents from unauthorised readout and modification (even though nothing is never bullet proof)

For auth, I’d like to use OAuth2 with the client_credentials grant that seems to be a very good fit for these use cases. However I’m wondering how flexible is the standard regarding sharing the client_secret.

Basically the RFC doesn’t say much about sending your client id / client secret, it just offers an example here: https://tools.ietf.org/html/rfc6749#section-4.4.2 which is very simple by using the following header Authorization Basic: base64(client_id:client_secret)

In my opinion, it could be slightly more secure by computing a hash:

  1. the client requests a random to the server by sending their client_id
  2. the server replies with a random code (valid for like 10 mins, just like an authorization code)
  3. the client computes a hash = sha256(client_id, client_secret, code) and asks for a token
  4. the server computes the same hash, compares the client hash with the computed hash and sends an access token if they match

It would add an extra layer of security in case https is somehow broken or if anyone is able to read the header somehow.

However it doesn’t seem very OAuth2 compliant and I don’t really like re-inventing a standard. Another option would be to create my own extention grant, I’m just wondering if it’s really worth it, like no one seems to have done this.

Also, if I want to share my API with a 3rd party app, not sure it’s a good thing to force them into using something non really standard.

Doesn’t installing a TOTP client on your primary PC undermine the whole point of 2FA? [duplicate]

Authy is a popular cross-platform TOTP application that supports syncing keys across devices. I have been a little confused by the idea of having a desktop client… This way if someone accesses my primary PC they’d find all my passwords saved in my browsers, and would have access to my TOTP keys as well…

Doesn’t installing a TOTP client on your primary PC undermine the whole point of 2FA?

How come there are TLS 1.3 signature algorithms when the client version stated is TLS 1.2?

I’m analyzing traffic in order to understand TLS Client Hello structure so I can parse it.

I read that TLS 1.3 adds more signature algorithms. However, I saw a Client Hello message that states that the client version is 1.2, but has the new TLS 1.3 signature algorithms (e.g. Signature Algorithm: ed25519 (0x0807), see attached packet ahead).

Does that make sense?

Can I just assume that regardless of the version, I need to handle those new signature algorithms as well?

This is the packet in WireShark format.

Why is client requesting error template

I’ve noticed in my logs that after a client requests a page from my WP website, there is a second request like this:

https://example.com/en/?wp_error_template=500&WB_REVISION=0.3.0%3BAvada%3D6.2.2%3Buser%3D0%3Boptions%3Df199a994ba0e1842b91c8060ffb02756%3Bnav%3Ddfba79fdd9d74597a719bc602975add4%3Bdeps%3D7b7e7a523eb133a733a7ebba5e1c1544%3Bcb21a705e60f14a0f97df136e58e762a

What is this second request for, and why is it happening?

Why hash on server instead of client? [duplicate]

Please hear me out. I used to scoff at people who asked this question because client-side hashing is “so obviously wrong.” I have read similar questions on this site but haven’t found a satisfactory answer.

Why hash on the server instead of the client?

If the goal is to prevent someone with access to the password database from logging in, then server-side hashing is an absolute must (otherwise someone could just send to the server whatever they stole from the passwords database).

However, my understanding is that the purpose of hashing is to help people who share the same password across many sites. When a password is properly hashed & salted, an attacker cannot as easily brute force the plaintext password then try it on a bunch of other websites.

If mitigating password-reuse attacks is the goal, apart from clients having less hashing power, hashing & salting [0] on the client side makes sense because it means that even a fully compromised server would never see a client’s plaintext password.

What am I missing?

[0] salting is important so that a compromised server cannot re-use hashes to log into other services hashing passwords on the client

Combining User Context in Machine-2-Machine OAuth2 Client Credential Flow

I have a REST API that is used by 2 separate application and is authenticating them by M2M OAuth2 Client Credential Flow.

enter image description here

One of the two application is an automation service without user context. The second one is a REST API where users authenticate with OAuth2 Implicit Flow.

Now I need to include the user context in my common REST API too, since some information should only be shared to certain users.

What is a secure strategy to implement that scenario with OAuth2? I thought I could just include the user (or a fixed string in case of the automation service) into the Access Token of the Client Credential Flow but that doesn’t seem possible.

openssl s_server without PSK/certificate, but with client certificate validation

Is it possible to use openSSL without encryption and without a certificate at the server, but with validation of the client certificate? I’m not sure which cipher allows this (or where to get this info). I tried the following:

server:

openssl s_server -cipher NULL-SHA256 -nocert -CAfile client_cert.pem -Verify 4 -verify_return_error  -accept 44330 -www   

client:

openssl s_client -cipher NULL-SHA256 -cert client_cert.pem -key client_key.pem  -connect 10.10.1.87:44330 

But I’m getting errors at the server and at the client:

server error:

4699434604:error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_srvr.c:1115: ACCEPT 

client error:

CONNECTED(00000003) 4447727212:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 40 4447727212:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:585: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session:     Protocol  : TLSv1.2     Cipher    : 0000     Session-ID:     Session-ID-ctx:     Master-Key:     Start Time: 1582732375     Timeout   : 7200 (sec)     Verify return code: 0 (ok) --- 

Can backend verify mobile client using OpenID Connect?


Objective

My goal is to implement a generic mobile client and backend authentication flow, just for practice. Imagine that I am building a note app that stores user notes on the backend. Instead of implementing my own user management in my backend, I want to rely on some popular OIDC providers to authenticate users from my backend.

The important thing is I am not interested in accessing any user data that OIDC Provider offers. My goal is to verify the user and the client whenever something hits my backend.


My understanding of OIDC Authentication flow is as follows:

  • IdProvider: the oidc provider
  • MyClient: mobile application. has client_id
  • MyBackend: has client_secret

Steps:

  1. MyClient generates PKCE code challenge.
  2. IdProvider authenticates the user and MyClient receives a temporary authorization_code.
  3. (not sure on this) MyClient sends MyBackend both the temp authorization_code and the PKCE code verifier for token exchange.
  4. MyBackend does token exchange with the IdProvider.
  5. (also not sure on this) MyBackend sends id_token and refresh_token back to MyClient.

My justification on step 3 and 5 are this:

  • Only MyBackend can access client_secret. Therefore token exchange can only be done by MyBackend and MyClient is responsible for sending the temp authorization_code and the PKCE code verifier.
  • MyClient needs id_token to hit normal MyBackend endpoints. MyClient also needs refresh_token to initiate the token refresh flow in case id_token expires.

Problem

Now in above flow it looks like there is no way I can prevent an attacker from stealing the client_id and impersonate MyClient. I have tried to search for sample implementation on the internet but many of them simply rely on the client-side authentication only. For example, this one: https://github.com/awslabs/aws-sdk-android-samples/tree/master/AmazonCognitoAuthDemo asks you to store client_secret in the client side.. I am not sure why this is acceptable and AWS even built a sample for it?

Any help would be appreciated.