What is the significance of "code_verifier" in PKCE OAuth 2.0?
In PKCE, I understand that the code_verifier is used to generate the code challenge, and that later this code_verifier value is validated by the authorization server to complete the PKCE flow.
How sensitive is this code_verifier value? Must this value be kept secret? If this value is leaked, what attacks could an attacker carry out?
The code_verifier is indeed sensitive: it is the mechanism by which the client, when calling the token endpoint, proves that it is the one that initiated the authorization request in the first place.
This value should be kept secret, but see also below.
Leaking it would allow an attacker to impersonate the (public) client when calling the authorization server's token endpoint, and thereby obtain tokens meant for the genuine client.
Note that even when no (hashing) transformation is applied to the code_verifier and it is sent as-is in the authorization request's code_challenge using the plain method, it still makes things harder for an attacker who can intercept the redirect URI callback, because he would also have to intercept the outgoing request. But in general the code_verifier should be hashed with SHA256 into the code_challenge, so that even if the request is intercepted the attacker cannot infer the code_verifier.
OAuth 2.0 [RFC6749] public clients are susceptible to the authorization code interception attack.
In this attack, the attacker intercepts the authorization code returned from the authorization endpoint within a communication path not protected by Transport Layer Security (TLS), such as inter-application communication within the client's operating system.
Once the attacker has gained access to the authorization code, it can use it to obtain the access token.
...
To mitigate this attack, this extension utilizes a dynamically created cryptographically random key called "code verifier". A unique code verifier is created for every authorization request, and its transformed value, called "code challenge", is sent to the authorization server to obtain the authorization code. The authorization code obtained is then sent to the token endpoint with the "code verifier", and the server compares it with the previously received request code so that it can perform the proof of possession of the "code verifier" by the client. This works as the mitigation since the attacker would not know this one-time key, since it is sent over TLS and cannot be intercepted.
The key wording here is: "proof of possession of the 'code verifier' by the client. This works as the mitigation since the attacker would not know this one-time key, since it is sent over TLS and cannot be intercepted."
Long story short:
The code challenge + verifier pair is the key to proving that the client requesting the authentication token is the same client (or one trusted by it) that first requested the authorization code. If the code verifier is leaked, then the attack mentioned in the RFC (essentially a malicious application exploiting cross-talk to impersonate a legitimate application) is not mitigated, so the purpose of PKCE (preventing such attacks) is defeated.
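As an added example (not code from either answer), the following models the exchange described in the RFC excerpt above and the first answer's note on the S256 transform: the client derives the challenge from the verifier, the authorization server binds that challenge to the code it issues, and an attacker holding only an intercepted code fails at the token endpoint unless the verifier itself leaked. The AuthorizationServer class and the two flow functions are hypothetical stand-ins, not any real server's API.

```python
import base64
import hashlib
import hmac
import secrets
# Added example, not the answers' code: a minimal PKCE (RFC 7636) model.

def make_code_verifier() -> str:
    # 32 random bytes -> 43 unreserved chars, inside the 43..128 range.
    return secrets.token_urlsafe(32)

def s256_challenge(verifier: str) -> str:
    # BASE64URL(SHA256(ASCII(code_verifier))) with '=' padding removed.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class AuthorizationServer:
    """Hypothetical server: remembers the challenge bound to each code."""
    def __init__(self) -> None:
        self._codes = {}

    def authorize(self, code_challenge: str, method: str) -> str:
        # Authorization endpoint: bind the challenge to a fresh single-use code.
        code = secrets.token_urlsafe(16)
        self._codes[code] = (code_challenge, method)
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        # Token endpoint: the code is consumed on every attempt, pass or fail,
        # so a wrong guess burns it but never yields a token.
        entry = self._codes.pop(code, None)
        if entry is None:
            return False
        challenge, method = entry
        expected = s256_challenge(code_verifier) if method == "S256" else code_verifier
        return hmac.compare_digest(expected, challenge)

def legit_flow() -> bool:
    """Genuine client keeps its verifier and redeems its own code."""
    server = AuthorizationServer()
    verifier = make_code_verifier()
    code = server.authorize(s256_challenge(verifier), "S256")
    return server.token(code, verifier)

def intercepted_code_flow(verifier_leaked: bool) -> bool:
    """Attacker captured the redirect callback (the code); did it get a token?"""
    server = AuthorizationServer()
    verifier = make_code_verifier()
    code = server.authorize(s256_challenge(verifier), "S256")
    attacker_verifier = verifier if verifier_leaked else make_code_verifier()
    return server.token(code, attacker_verifier)
```

With the plain method the challenge equals the verifier, so anyone who sees the authorization request already holds what the token endpoint will accept; S256 is what keeps an intercepted request from revealing it.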