OAuth2 Token
Service Name: OAuth 2.0 Authorization Framework
Service Description: OAuth 2.0 is an industry-standard protocol for authorization that enables third-party applications to obtain limited access to a user's account on an HTTP service. It works by delegating user authentication to the service that hosts the user account and authorizing third-party applications to access that user account.
Service Address: https://oauth.net/2/
Validation Type: API Auth
IP Allow list: Does not exist at the token level, but can be implemented at the service provider level depending on the OAuth implementation.
Secret Access Scope: Grants access to protected resources on behalf of the resource owner (user). The scope of access depends on the specific permissions granted during the OAuth flow.
Secret Revokement URL: Varies by service provider. Most OAuth providers offer token revocation endpoints (for example, /oauth/revoke or /oauth2/revoke).
Secret Example: ya29.a0AfB_byDNMJhXlTw2gBsVcIV- MqKCiVdgVMT8fzF5jKzQYtHbYQj9XYnGLbQPxOQZdPgT-Xh2UzI
Suspicious Activity Investigation Instructions:
- Check access logs of the service where the OAuth token was used.
- Review the token's granted scopes and permissions.
- Examine the IP addresses and user agents that have used the token.
- Verify if the token has been used outside normal business hours or from unusual locations.
- Check for unusual API calls or data access patterns using the token.
Mitigation Instructions:
- Revoke the compromised OAuth token immediately through the service provider's token revocation endpoint.
- Review and audit all other active OAuth tokens for the affected user or application.
- Check for any unauthorized data access or modifications that occurred using the token.
- Consider implementing shorter token lifetimes and refresh token rotation.
- Implement additional security measures such as IP restrictions if supported by the service provider.
- Update the affected application to use a new OAuth client secret if necessary.
- Consider implementing additional authentication factors for sensitive operations.