{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T11:49:46Z","timestamp":1752666586909,"version":"3.38.0"},"reference-count":23,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,12,8]],"date-time":"2024-12-08T00:00:00Z","timestamp":1733616000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,12,8]],"date-time":"2024-12-08T00:00:00Z","timestamp":1733616000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100004040","name":"KU Leuven","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004040","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,12,8]]},"DOI":"10.1109\/globecom52923.2024.10901500","type":"proceedings-article","created":{"date-parts":[[2025,3,11]],"date-time":"2025-03-11T17:30:35Z","timestamp":1741714235000},"page":"3607-3612","source":"Crossref","is-referenced-by-count":1,"title":["Is Your OAuth Middleware Vulnerable? Evaluating Open-Source Identity Providers\u2019 Security"],"prefix":"10.1109","author":[{"given":"Pieter","family":"Philippaerts","sequence":"first","affiliation":[{"name":"KU Leuven,DistriNet"}]},{"given":"Jan","family":"Vanhoof","sequence":"additional","affiliation":[{"name":"KU Leuven,DistriNet"}]},{"given":"Tom","family":"Van Cutsem","sequence":"additional","affiliation":[{"name":"KU Leuven,DistriNet"}]},{"given":"Wouter","family":"Joosen","sequence":"additional","affiliation":[{"name":"KU Leuven,DistriNet"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"crossref","DOI":"10.17487\/rfc6749","article-title":"The OAuth 2.0 authorization framework","author":"Hardt","year":"2012"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3545948.3545955"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_18"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897874"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3338500.3360331"},{"article-title":"WPSE: fortifying web protocols via browser-side security monitoring","volume-title":"Proceedings of the 27th USENIX Security Symposium","author":"Calzavara","key":"ref6"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_13"},{"article-title":"OAuth 2.0 threat model and security considerations","year":"2013","author":"McGloin","key":"ref8"},{"author":"Bradley","key":"ref9","article-title":"OAuth 2.0 security best current practice"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978385"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3627106.3627140"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560692"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW59978.2023.00064"},{"article-title":"User-managed access (UMA) 2.0 grant for OAuth 2.0 authorization","year":"2018","author":"Machulak","key":"ref14"},{"key":"ref15","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8628","article-title":"OAuth 2.0 device authorization grant","author":"Denniss","year":"2019"},{"article-title":"OpenID Connect","year":"2014","author":"Sakimura","key":"ref16"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559381"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-12-2013-0089"},{"key":"ref19","doi-asserted-by":"crossref","DOI":"10.17487\/RFC7636","article-title":"Proof key for code exchange by OAuth public clients","author":"Sakimura","year":"2015"},{"article-title":"Make redirection evil again: URL parser issues in OAuth","volume-title":"BlackHat Asia","author":"Wang","key":"ref20"},{"article-title":"Crippling HTTPS with unholy PAC","volume-title":"BlackHat USA","author":"Kotler","key":"ref21"},{"key":"ref22","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8252","article-title":"OAuth 2.0 for native apps","author":"Denniss","year":"2017"},{"article-title":"Referer leakage vulnerability leads to OAuth token theft","year":"2019","author":"Gomes","key":"ref23"}],"event":{"name":"GLOBECOM 2024 - 2024 IEEE Global Communications Conference","start":{"date-parts":[[2024,12,8]]},"location":"Cape Town, South Africa","end":{"date-parts":[[2024,12,12]]}},"container-title":["GLOBECOM 2024 - 2024 IEEE Global Communications Conference"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10900933\/10900934\/10901500.pdf?arnumber=10901500","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,12]],"date-time":"2025-03-12T05:54:07Z","timestamp":1741758847000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10901500\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,8]]},"references-count":23,"URL":"https:\/\/doi.org\/10.1109\/globecom52923.2024.10901500","relation":{},"subject":[],"published":{"date-parts":[[2024,12,8]]}}}