Skip to content

OAuth2 Token

Service Name: OAuth 2.0 Authorization Framework

Service Description: OAuth 2.0 is an industry-standard protocol for authorization that enables third-party applications to obtain limited access to a user's account on an HTTP service. It works by delegating user authentication to the service that hosts the user account and authorizing third-party applications to access that user account.

Service Address: https://oauth.net/2/

Validation Type: API Auth

IP Allow list: Does not exist at the token level, but can be implemented at the service provider level depending on the OAuth implementation.

Secret Access Scope: Grants access to protected resources on behalf of the resource owner (user). The scope of access depends on the specific permissions granted during the OAuth flow.

Secret Revokement URL: Varies by service provider. Most OAuth providers offer token revocation endpoints (for example, /oauth/revoke or /oauth2/revoke).

Secret Example: ya29.a0AfB_byDNMJhXlTw2gBsVcIV- MqKCiVdgVMT8fzF5jKzQYtHbYQj9XYnGLbQPxOQZdPgT-Xh2UzI

Suspicious Activity Investigation Instructions:

  • Check access logs of the service where the OAuth token was used.
  • Review the token's granted scopes and permissions.
  • Examine the IP addresses and user agents that have used the token.
  • Verify if the token has been used outside normal business hours or from unusual locations.
  • Check for unusual API calls or data access patterns using the token.

Mitigation Instructions:

  • Revoke the compromised OAuth token immediately through the service provider's token revocation endpoint.
  • Review and audit all other active OAuth tokens for the affected user or application.
  • Check for any unauthorized data access or modifications that occurred using the token.
  • Consider implementing shorter token lifetimes and refresh token rotation.
  • Implement additional security measures such as IP restrictions if supported by the service provider.
  • Update the affected application to use a new OAuth client secret if necessary.
  • Consider implementing additional authentication factors for sensitive operations.