OAuth 2.0 Authorization using Blockchain-based Tokens

Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos
2020 Proceedings 2020 Workshop on Decentralized IoT Systems and Security   unpublished
OAuth 2.0 is the industry-standard protocol for authorization. It facilitates secure service provisioning, as well as secure interoperability among diverse stakeholders. All OAuth 2.0 protocol flows result in the creation of an access token, which is then used by a user to request access to a protected resource. Nevertheless, the definition of access tokens is transparent to the OAuth 2.0 protocol, which does not specify any particular token format, how tokens are generated, or how they are
more » ... . Instead, the OAuth 2.0 specification leaves all these as design choices for integrators. In this paper, we propose a new type of OAuth 2.0 token backed by a distributed ledger. Our construction is secure, and it supports proof-of-possession, auditing, and accountability. Furthermore, we provide added-value token management services, including revocation, delegation, and fair exchange, by leveraging smart contracts. We realized a proof-ofconcept implementation of our solution using Ethereum smart contracts and the ERC-721 token specification.
doi:10.14722/diss.2020.23002 fatcat:3jad64jcbngjtdbhbxyvxye5cm