OAuth protocols have been widely adopted to simplify user authentication and service authorization for third-party applications. However, little effort has been devoted to automatically checking the security of libraries that are widely used by service providers. In this paper, we formalize the OAuth specifications and security best practices, and design OAuthShield, an automated static analyzer, to find logical flaws and identify vulnerabilities in the implementation of OAuth authorization server libraries. To efficiently detect OAuth violations in a large codebase, OAuthShield employs a demand-driven algorithm for answering queries about OAuth specifications. To demonstrate the effectiveness of OAuthShield, we evaluate it on ten popular OAuth libraries that have millions of downloads. Among these high-profile libraries, OAuthShield has identified 47 vulnerabilities from ten classes of logical flaws, 24 of which were previously unknown. We got acknowledged by the developers of six libraries and had three accepted CVEs.

翻译：为简化第三方应用的用户认证和服务授权,已广泛采用Outh协议,简化了第三方应用的用户认证和服务授权,然而,在自动检查服务供应商广泛使用的图书馆的安全方面,没有做出多少努力;在本文件中,我们正式确定了Oauth规格和安全最佳做法,并设计了OauthShield(自动静态分析器),以发现逻辑缺陷,并查明实施Oauth授权服务器图书馆的弱点;为了在大型代码库中有效检测Oauth违反Outh规定的情况,OAuthShhild使用需求驱动的算法回答关于OAuth规格的询问;为了证明Oauth Shield的有效性,我们评估了10个拥有数百万下载量的流行OAuth图书馆。在这些高知名度的图书馆中,OauthShield发现了10类逻辑缺陷的47个弱点,其中24个以前是未知的。我们得到了6个图书馆的开发商的承认,并接受3个CVE。