The RFC recommends to use PKCE for web (public client)/native apps. It’s not stated that Dynamic Client Registration (DCR) is bad but it’s not stated as an alternative either. I am wondering if there is any negative aspect of the DCR that i am overlooking.
I would say that the biggest difference between the two is the fact that PKCE is much easier to implement with less bookkeeping while offering about the same protections as DCR.
Looking through the use cases defined in the DCR specification, it looks like the use case of native app or SPA app is included.
Is there a reason why is not included in the best practices? Which use case is ideal to use the DCR?
I’m working on an API that I’d like to be accessible internally by other servers as well as devices that I consider both as confidential private clients. Devices are considered private clients because the client_secret is stored in an encrypted area that prevents from unauthorised readout and modification (even though nothing is never bullet proof)
For auth, I’d like to use OAuth2 with the
client_credentials grant that seems to be a very good fit for these use cases. However I’m wondering how flexible is the standard regarding sharing the client_secret.
Basically the RFC doesn’t say much about sending your client id / client secret, it just offers an example here: https://tools.ietf.org/html/rfc6749#section-4.4.2 which is very simple by using the following header Authorization Basic: base64(client_id:client_secret)
In my opinion, it could be slightly more secure by computing a hash:
- the client requests a random to the server by sending their client_id
- the server replies with a random code (valid for like 10 mins, just like an authorization code)
- the client computes a hash = sha256(client_id, client_secret, code) and asks for a token
- the server computes the same hash, compares the client hash with the computed hash and sends an access token if they match
It would add an extra layer of security in case https is somehow broken or if anyone is able to read the header somehow.
However it doesn’t seem very OAuth2 compliant and I don’t really like re-inventing a standard. Another option would be to create my own extention grant, I’m just wondering if it’s really worth it, like no one seems to have done this.
Also, if I want to share my API with a 3rd party app, not sure it’s a good thing to force them into using something non really standard.
Authy is a popular cross-platform TOTP application that supports syncing keys across devices. I have been a little confused by the idea of having a desktop client… This way if someone accesses my primary PC they’d find all my passwords saved in my browsers, and would have access to my TOTP keys as well…
Doesn’t installing a TOTP client on your primary PC undermine the whole point of 2FA?
I’m analyzing traffic in order to understand TLS Client Hello structure so I can parse it.
I read that TLS 1.3 adds more signature algorithms. However, I saw a Client Hello message that states that the client version is 1.2, but has the new TLS 1.3 signature algorithms (e.g. Signature Algorithm: ed25519 (0x0807), see attached packet ahead).
Does that make sense?
Can I just assume that regardless of the version, I need to handle those new signature algorithms as well?
This is the packet in WireShark format.
I’ve noticed in my logs that after a client requests a page from my WP website, there is a second request like this:
What is this second request for, and why is it happening?
Facebook Apptoken uses OAuth2 client credential code. But the
client_secret are sent to the servier via HTTP GET method. Isn’t this unsecure ?
For instance, any node that has logging enabled between the client and the Facebook server will log the GET URL. Thus exposing login credentials in their logs in clear text.
I think it’s unsecured. Or am I missing something ? Are there other more secure ways to implement client credential that you know ?
Please hear me out. I used to scoff at people who asked this question because client-side hashing is “so obviously wrong.” I have read similar questions on this site but haven’t found a satisfactory answer.
Why hash on the server instead of the client?
If the goal is to prevent someone with access to the password database from logging in, then server-side hashing is an absolute must (otherwise someone could just send to the server whatever they stole from the passwords database).
However, my understanding is that the purpose of hashing is to help people who share the same password across many sites. When a password is properly hashed & salted, an attacker cannot as easily brute force the plaintext password then try it on a bunch of other websites.
If mitigating password-reuse attacks is the goal, apart from clients having less hashing power, hashing & salting  on the client side makes sense because it means that even a fully compromised server would never see a client’s plaintext password.
What am I missing?
 salting is important so that a compromised server cannot re-use hashes to log into other services hashing passwords on the client
I have a REST API that is used by 2 separate application and is authenticating them by M2M OAuth2 Client Credential Flow.
One of the two application is an automation service without user context. The second one is a REST API where users authenticate with OAuth2 Implicit Flow.
Now I need to include the user context in my common REST API too, since some information should only be shared to certain users.
What is a secure strategy to implement that scenario with OAuth2? I thought I could just include the user (or a fixed string in case of the automation service) into the Access Token of the Client Credential Flow but that doesn’t seem possible.
Is it possible to use openSSL without encryption and without a certificate at the server, but with validation of the client certificate? I’m not sure which cipher allows this (or where to get this info). I tried the following:
openssl s_server -cipher NULL-SHA256 -nocert -CAfile client_cert.pem -Verify 4 -verify_return_error -accept 44330 -www
openssl s_client -cipher NULL-SHA256 -cert client_cert.pem -key client_key.pem -connect 10.10.1.87:44330
But I’m getting errors at the server and at the client:
4699434604:error:140270C1:SSL routines:ACCEPT_SR_CLNT_HELLO_C:no shared cipher:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_srvr.c:1115: ACCEPT
CONNECTED(00000003) 4447727212:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 40 4447727212:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/ssl/ssl_pkt.c:585: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Start Time: 1582732375 Timeout : 7200 (sec) Verify return code: 0 (ok) ---
My goal is to implement a generic mobile client and backend authentication flow, just for practice. Imagine that I am building a note app that stores user notes on the backend. Instead of implementing my own user management in my backend, I want to rely on some popular OIDC providers to authenticate users from my backend.
The important thing is I am not interested in accessing any user data that OIDC Provider offers. My goal is to verify the user and the client whenever something hits my backend.
My understanding of OIDC Authentication flow is as follows:
IdProvider: the oidc provider
MyClient: mobile application. has
MyClient generates PKCE code challenge.
IdProvider authenticates the user and
MyClient receives a temporary
- (not sure on this)
MyBackend both the temp
authorization_code and the PKCE code verifier for token exchange.
MyBackend does token exchange with the
- (also not sure on this)
refresh_token back to
My justification on step 3 and 5 are this:
MyBackend can access
client_secret. Therefore token exchange can only be done by
MyClient is responsible for sending the temp
authorization_code and the PKCE code verifier.
id_token to hit normal
MyClient also needs
refresh_token to initiate the token refresh flow in case
Now in above flow it looks like there is no way I can prevent an attacker from stealing the
client_id and impersonate
MyClient. I have tried to search for sample implementation on the internet but many of them simply rely on the client-side authentication only. For example, this one: https://github.com/awslabs/aws-sdk-android-samples/tree/master/AmazonCognitoAuthDemo asks you to store
client_secret in the client side.. I am not sure why this is acceptable and AWS even built a sample for it?
Any help would be appreciated.