Authorizing Third-Party Applications Served through Messaging Platforms
Resumen: The widespread adoption of smartphones and the new-generation wireless networks have changed the way that people interact among themselves and with their environment. The use of messaging platforms, such as WhatsApp, has become deeply ingrained in peoples’ lives, and many digital services have started to be delivered using these communication channels. In this work, we propose a new OAuth grant type to be used when the interaction between the resource owner and the client takes place through a messaging platform. This new grant type firstly allows the authorization server to be sure that no Man-in-the-Middle risk exists between the resource owner and the client before issuing an access token. Secondly, it allows the authorization server to interact with the resource owner through the same user-agent already being used to interact with the client, i.e., the messaging platform, which is expected to improve the overall user experience of the authorization process. To verify this assumption, we conducted a usability study in which subjects were required to perform the full authorization process using both the standard authorization code grant type (through a web-browser) and the new grant type defined in this work. They have also been required to fill in a small questionnaire including some demographic information and their impressions about both authorization flows. The results suggest that the proposed grant type eases the authorization process in most cases.
Idioma: Inglés
DOI: 10.3390/s21175716
Año: 2021
Publicado en: Sensors (Switzerland) 21, 17 (2021), 5716 [16 pp.]
ISSN: 1424-8220

Financiación: info:eu-repo/grantAgreement/ES/DGA-FEDER/T31-20R
Financiación: info:eu-repo/grantAgreement/ES/DGA-MECD/FPU15-04841
Financiación: info:eu-repo/grantAgreement/ES/MINECO-FEDER/TIN2016-76770-R
Tipo y forma: Artículo (Versión definitiva)
Área (Departamento): Área Ingeniería Telemática (Dpto. Ingeniería Electrón.Com.)

Creative Commons Debe reconocer adecuadamente la autoría, proporcionar un enlace a la licencia e indicar si se han realizado cambios. Puede hacerlo de cualquier manera razonable, pero no de una manera que sugiera que tiene el apoyo del licenciador o lo recibe por el uso que hace.

Exportado de SIDERAL (2021-10-08-11:35:14)

Este artículo se encuentra en las siguientes colecciones:

 Registro creado el 2021-10-08, última modificación el 2021-10-08

Versión publicada:
Valore este documento:

Rate this document:
(Sin ninguna reseña)