OAuth is an open standard for token-based authorization (OAuth 2.0 itself is an authorization framework; signing users in on top of it is the job of OpenID Connect, although in everyday usage both are called "OAuth"). OAuth lets a third-party service use a user's account information without ever seeing the user's password. OAuth acts as an intermediary on behalf of the user and hands the service an access token that authorizes a specific, scoped sharing of account information. For example, an application that analyzes a user's calendar and advises on how to be more productive needs to read that calendar. Instead of receiving the user's credentials, the application accesses the data solely with a token, which the provider generates when the user grants consent on the authorization page.

In the social-login case the flow works roughly like this: the user is redirected to the identity provider (Google or Facebook) and enters their credentials there, not in the application. Once Google or Facebook has verified the credentials, it returns a token to the application (an authorization code that is exchanged for tokens, or an ID token). The application then uses that token to establish who the user is and log them in.

Detect these OAuth risks and ensure your safety

More than half of the applications verify the validity of the token returned by the Google or Facebook server, but 41% do not. That matters because the application never sees the username and password, so it has no way of its own to know whether the login was genuine: the token is the only evidence that the identity provider actually authenticated the user. An application that accepts the token without checking its signature, issuer, audience and expiry will accept a forged token, or a token that was issued to a different application, just as readily as a real one.
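To make the risk concrete, here is an added example (not code from the original article or from any provider) with a toy identity provider that issues HS256-signed JWT ID tokens, a login handler that trusts the token's `sub` claim without checking anything, and a login handler that verifies signature, issuer, audience and expiry before accepting the identity. The signing key, issuer URL and client IDs are assumptions for the demonstration; real providers sign with RS256 and publish their keys through JWKS, but the checks are the same.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# All constants below are assumed values for this demonstration only.
PROVIDER_KEY = b"provider-signing-key-for-demo-only"  # assumed provider key
ISSUER = "https://idp.example"                         # assumed issuer
OUR_CLIENT_ID = "calendar-coach-app"                   # assumed client_id of our app


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(key: bytes, sub: str, aud: str, now: int, ttl: int = 3600) -> str:
    """Provider side: sign {iss, sub, aud, iat, exp} with HS256 under `key`."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({
        "iss": ISSUER, "sub": sub, "aud": aud, "iat": now, "exp": now + ttl,
    }).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def login_without_verification(token: str) -> str:
    """Vulnerable relying party: decodes the payload and trusts 'sub' blindly."""
    payload = json.loads(_b64url_decode(token.split(".")[1]))
    return payload["sub"]


def login_with_verification(token: str, now: int) -> Optional[str]:
    """Verifies signature, issuer, audience and expiry; returns sub or None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # reject 'none' and algorithm confusion
        return None
    expected = hmac.new(PROVIDER_KEY, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None  # not signed by the provider: forged or tampered
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        return None  # issued by someone else
    if claims.get("aud") != OUR_CLIENT_ID:
        return None  # issued to a different application (token substitution)
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None  # expired or missing expiry
    return claims["sub"]


def demo() -> dict:
    """Runs four constructed tokens through both login handlers."""
    now = 1_700_000_000
    # Legitimate token issued by the provider to our app for user 'alice'.
    good = issue_id_token(PROVIDER_KEY, "alice", OUR_CLIENT_ID, now)
    # Attacker forges a token naming 'alice' under a key the provider never used.
    forged = issue_id_token(b"attacker-key", "alice", OUR_CLIENT_ID, now)
    # Real token for 'alice', but issued to an attacker-controlled application.
    other_app = issue_id_token(PROVIDER_KEY, "alice", "attacker-app", now)
    # Real token for 'alice' that expired an hour ago.
    expired = issue_id_token(PROVIDER_KEY, "alice", OUR_CLIENT_ID, now - 7200)
    return {
        "naive_forged": login_without_verification(forged),
        "verified_good": login_with_verification(good, now),
        "verified_forged": login_with_verification(forged, now),
        "verified_other_app": login_with_verification(other_app, now),
        "verified_expired": login_with_verification(expired, now),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The naive handler logs the attacker in as `alice` from a token the provider never signed; the verifying handler accepts only the genuine, unexpired token issued to this application. The audience check is the one most often skipped in practice: a token that is perfectly valid for some other app must still be rejected here.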

So how can we find the applications that present this risk? OAuth application risk in your environment can be surfaced in two ways:

▸Alerts

You can set policies that automatically send a notification when an OAuth application meets certain criteria. For example, a policy can notify you when an application that requests elevated permissions has been authorized by more than 50 users.

▸Search

Don't forget to use high-severity filters, for example: set the filter to High Severity Permission Level and Uncommon Community Use. With this filter you can focus on potentially high-risk applications; an application that asks for broad permissions but that few other organizations use deserves review before it is trusted.
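The two triage rules above (the alert on elevated permissions plus more than 50 authorizing users, and the search filter for high-severity permissions plus uncommon community use) as an added example in Python; this is not code from the original article or from any product. The consent-grant records, the scope names, the scope-to-severity table, the community-use signal and the thresholds are all assumptions constructed for the demonstration; in a real tenant the grants would come from the identity provider's admin API and the severity model would be your own.

```python
from collections import defaultdict

# Assumed scope-to-severity mapping: broad write or persistent access is "high".
SCOPE_SEVERITY = {
    "openid": "low", "email": "low", "profile": "low",
    "calendars.read": "medium", "files.read": "medium",
    "mail.readwrite": "high", "files.readwrite.all": "high",
    "directory.readwrite.all": "high", "offline_access": "high",
}
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed consent grants: (app_id, app_name, user, granted scopes).
GRANTS = [
    ("app-001", "Calendar Coach", f"user{i}@corp.example",
     ["openid", "email", "calendars.read"]) for i in range(12)
] + [
    ("app-002", "Mail Sync Pro", f"user{i}@corp.example",
     ["openid", "mail.readwrite", "offline_access"]) for i in range(63)
] + [
    ("app-003", "Unknown Exporter", "user3@corp.example",
     ["files.readwrite.all", "offline_access"]),
    ("app-003", "Unknown Exporter", "user9@corp.example",
     ["files.readwrite.all", "offline_access"]),
]

# Assumed community-use signal: whether the app is widely seen in other tenants.
COMMUNITY_USE = {"app-001": "common", "app-002": "common", "app-003": "uncommon"}


def permission_level(scopes):
    """Highest severity among the granted scopes; unknown scopes count as high."""
    levels = [SCOPE_SEVERITY.get(s.lower(), "high") for s in scopes]
    return max(levels, key=SEVERITY_RANK.__getitem__) if levels else "low"


def summarize(grants):
    """Aggregate per app: distinct authorizing users and the union of scopes."""
    users, scopes, names = defaultdict(set), defaultdict(set), {}
    for app_id, name, user, granted in grants:
        users[app_id].add(user)
        scopes[app_id].update(granted)
        names[app_id] = name
    return {
        app_id: {
            "name": names[app_id],
            "users": len(users[app_id]),
            "permission_level": permission_level(scopes[app_id]),
            "community_use": COMMUNITY_USE.get(app_id, "uncommon"),
        }
        for app_id in users
    }


def alert_rule(summary, min_users=50):
    """Alert policy: elevated permissions AND authorized by more than min_users."""
    return sorted(a for a, s in summary.items()
                  if s["permission_level"] == "high" and s["users"] > min_users)


def search_filter(summary):
    """Search filter: high-severity permissions AND uncommon community use."""
    return sorted(a for a, s in summary.items()
                  if s["permission_level"] == "high"
                  and s["community_use"] == "uncommon")


if __name__ == "__main__":
    s = summarize(GRANTS)
    print("alerts:", alert_rule(s))      # app-002: high permissions, 63 users
    print("review:", search_filter(s))   # app-003: high permissions, uncommon
```

Note that the two rules catch different things: the alert finds the widely adopted app with broad, persistent mailbox access, while the search filter finds the obscure app that only two people have consented to but which can read and write every file. Treating unknown scopes as high severity keeps a new or misspelled permission from silently slipping through the filter.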

