[Openid-specs-ab] Issue #1807: Signed Requests and Replay Prevention (openid/connect)
tlodderstedt
issues-reply at bitbucket.org
Wed Feb 1 14:28:57 UTC 2023
New issue 1807: Signed Requests and Replay Prevention
https://bitbucket.org/openid/connect/issues/1807/signed-requests-and-replay-prevention
Torsten Lodderstedt:
Signed requests (according to JAR) do not contain a server (wallet) provided nonce. This bears the risk of an attacker replaying such a request in order to impersonate a legit verifier. If the message signature is used to authenticate the client (and present information to the user based on that), the attacker could utilize the request to exfiltrate PII.
In classical OAuth, this risk is mitigated by pre-configured redirect URIs bound to a certain client. With custom schemes and even claimed URLs (on Android), the redirect URI no longer prevents such attacks. Encrypted responses would be another option, if authentic public keys are used.
I suggest conducting an analysis of whether the original security model of signed requests is still appropriate for OpenID4VP.
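The replay described above, shown as an added example that is not part of the issue, of JAR, or of any OpenID4VP implementation: a verifier signs a request object (compact JWS, EdDSA), a wallet verifies it against the key registered for client_id, and an attacker who captured the object presents it again. Without a wallet-provided value in the signed payload the replay verifies exactly like the original. The mitigation sketched here binds the request to a single-use nonce the wallet issues beforehand; the claim name "wallet_nonce", the client_id URL and the one-nonce-per-request policy are assumptions for this example, not spec text.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// RequestObject carries the JAR-style claims relevant here. "wallet_nonce" is an
// assumed claim used to bind the request to a value the wallet handed out first.
type RequestObject struct {
	ClientID    string `json:"client_id"`
	Nonce       string `json:"nonce"`                  // verifier-provided, binds the response
	WalletNonce string `json:"wallet_nonce,omitempty"` // wallet-provided, binds the request (assumption)
}

// jarHeader is the JWS protected header; "oauth-authz-req+jwt" is the JAR typ value.
const jarHeader = `{"alg":"EdDSA","typ":"oauth-authz-req+jwt"}`

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignRequest produces a compact JWS over the request object with the verifier's key.
func SignRequest(priv ed25519.PrivateKey, ro RequestObject) string {
	payload, _ := json.Marshal(ro)
	signingInput := b64([]byte(jarHeader)) + "." + b64(payload)
	return signingInput + "." + b64(ed25519.Sign(priv, []byte(signingInput)))
}

// Wallet holds registered verifier keys and the nonces it issued but has not yet consumed.
type Wallet struct {
	verifierKeys map[string]ed25519.PublicKey
	issuedNonces map[string]bool
}

func NewWallet() *Wallet {
	return &Wallet{verifierKeys: map[string]ed25519.PublicKey{}, issuedNonces: map[string]bool{}}
}

func (w *Wallet) Register(clientID string, pub ed25519.PublicKey) { w.verifierKeys[clientID] = pub }

// IssueNonce returns a fresh single-use nonce the verifier must echo inside the signed request.
func (w *Wallet) IssueNonce() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	n := b64(b)
	w.issuedNonces[n] = true
	return n
}

// VerifyRequest checks header, signature and key binding to client_id. With requireWalletNonce
// it additionally demands an outstanding wallet nonce and consumes it, so a second presentation
// of the same signed object fails.
func (w *Wallet) VerifyRequest(jws string, requireWalletNonce bool) (RequestObject, error) {
	var ro RequestObject
	parts := strings.Split(jws, ".")
	if len(parts) != 3 || parts[0] != b64([]byte(jarHeader)) {
		return ro, errors.New("malformed JWS or unexpected header")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return ro, err
	}
	if err := json.Unmarshal(payload, &ro); err != nil {
		return ro, err
	}
	pub, ok := w.verifierKeys[ro.ClientID]
	if !ok {
		return ro, errors.New("unknown client_id")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return ro, errors.New("bad signature")
	}
	if requireWalletNonce {
		if !w.issuedNonces[ro.WalletNonce] {
			return ro, errors.New("wallet_nonce missing, unknown or already used")
		}
		delete(w.issuedNonces, ro.WalletNonce) // single use
	}
	return ro, nil
}

// Demo runs both cases: a captured request replays cleanly without nonce binding,
// and is rejected on its second use once bound to a consumed wallet nonce.
func Demo() (replayAcceptedWithoutNonce, replayRejectedWithNonce bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	w := NewWallet()
	w.Register("https://verifier.example", pub) // assumed client_id
	captured := SignRequest(priv, RequestObject{ClientID: "https://verifier.example", Nonce: "n-1"})
	_, err1 := w.VerifyRequest(captured, false)
	_, err2 := w.VerifyRequest(captured, false) // attacker replays the captured object
	replayAcceptedWithoutNonce = err1 == nil && err2 == nil
	bound := SignRequest(priv, RequestObject{ClientID: "https://verifier.example", Nonce: "n-2", WalletNonce: w.IssueNonce()})
	_, err3 := w.VerifyRequest(bound, true)
	_, err4 := w.VerifyRequest(bound, true) // replay of the nonce-bound object
	replayRejectedWithNonce = err3 == nil && err4 != nil
	return
}

func main() {
	a, r := Demo()
	fmt.Printf("replay accepted without wallet nonce: %v\nreplay rejected with wallet nonce: %v\n", a, r)
}
```

Two caveats a practitioner would add: the issued nonce should also carry an expiry and be tied to the wallet session that requested it, otherwise an object captured between issue and first use still has a window; and the signature alone never says which wallet the request was meant for, so an audience claim checked by the wallet is the other half of the binding.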