Authorization and OAuth 2.0 in Frends Integration Platform
Ollila, Juho (2024-06-24)
Authorization and OAuth 2.0 in Frends Integration Platform
(24.06.2024)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
avoin
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2024062558482
https://urn.fi/URN:NBN:fi-fe2024062558482
Tiivistelmä
Authorization has an integral role in many digital systems, such as APIs and integration platforms. OAuth 2.0 is one of the most popular authorization methods available, and many people use it daily.
This thesis investigates various authorization models used in integration platforms, by comparing these methods across different platforms, identifying typical privacy and security threats against APIs and integration platforms, and analyzing how the Frends Integration Platform addresses these threats.
The research questions addressed in this thesis:
• What are the biggest differences in authorization in different integration platforms?
• What are the typical privacy and security threats that authorization mechanisms are designed to prevent in integration platforms?
• How does Frends Integration Platform prevent the typical privacy and security
threats related to authorization and APIs?
• How different OAuth 2.0 authorization flows can currently be implemented in
Frends Integration Platform and could they be improved somehow?
Through the research, the thesis reveals differences in how integration platforms handle authorization, which are primarily affected by the architecture and the primary use case of the platforms. It also identifies key privacy and security threats against these platforms such as unauthorized access, data breaches, and man-in-the-middle attacks, and identifies Frends Integration Platforms security methods against these threats. Additionally, the thesis provides research on how OAuth 2.0 authorization flows can be implemented into an API deployed in Frends.
This thesis investigates various authorization models used in integration platforms, by comparing these methods across different platforms, identifying typical privacy and security threats against APIs and integration platforms, and analyzing how the Frends Integration Platform addresses these threats.
The research questions addressed in this thesis:
• What are the biggest differences in authorization in different integration platforms?
• What are the typical privacy and security threats that authorization mechanisms are designed to prevent in integration platforms?
• How does Frends Integration Platform prevent the typical privacy and security
threats related to authorization and APIs?
• How different OAuth 2.0 authorization flows can currently be implemented in
Frends Integration Platform and could they be improved somehow?
Through the research, the thesis reveals differences in how integration platforms handle authorization, which are primarily affected by the architecture and the primary use case of the platforms. It also identifies key privacy and security threats against these platforms such as unauthorized access, data breaches, and man-in-the-middle attacks, and identifies Frends Integration Platforms security methods against these threats. Additionally, the thesis provides research on how OAuth 2.0 authorization flows can be implemented into an API deployed in Frends.