Inferensys

Glossary

OAuth 2.0 Threat Model

The OAuth 2.0 Threat Model is a formal security analysis, documented in RFC 6819, that identifies common threats to OAuth 2.0 implementations and prescribes corresponding countermeasures and best practices.
Security engineer implementing LLM guardrails on laptop, safety rules visible on screen, technical implementation session.
SECURITY FRAMEWORK

What is OAuth 2.0 Threat Model?

The OAuth 2.0 Threat Model is the formal security analysis of the OAuth 2.0 authorization framework, identifying potential attack vectors and prescribing countermeasures.

The OAuth 2.0 Threat Model, formally documented in RFC 6819, is a systematic security analysis that enumerates the specific threats and vulnerabilities inherent to OAuth 2.0 implementations. It provides a foundational security framework for developers and architects by detailing common attack vectors—such as authorization code interception, client impersonation, and token replay—alongside the corresponding security requirements and mitigation strategies necessary to build robust systems.

This model is essential for implementing secure API authentication flows, as it directly informs countermeasures like using Proof Key for Code Exchange (PKCE) for public clients, enforcing strict client authentication, and validating redirect URIs. By adhering to its guidelines, engineers can safeguard against critical vulnerabilities, ensuring that access tokens and refresh tokens are protected throughout the authorization grant lifecycle, thereby maintaining the integrity of the delegated access mechanism.

RFC 6819

Key Threats and Countermeasures

The OAuth 2.0 Threat Model, formalized in RFC 6819, systematically identifies security vulnerabilities inherent to the OAuth 2.0 framework and prescribes specific countermeasures for implementers.

01

Authorization Code Interception

This threat occurs when an attacker steals the authorization code as it is transmitted from the authorization server back to the client, typically via the browser's redirect URI. The attacker can then exchange this intercepted code for an access token.

Primary Countermeasure: Proof Key for Code Exchange (PKCE). The client creates a cryptographically random code_verifier and sends a derived code_challenge with the initial authorization request. The original code_verifier must be presented when exchanging the code for a token, binding the token issuance to the original requestor.

02

Access Token Leakage & Replay

Bearer tokens can be leaked from client storage, browser history, logs, or network traffic. Any party in possession of a valid token can use it to access protected resources until it expires.

Key Countermeasures:

  • Short-Lived Access Tokens: Minimize the usable window after a leak.
  • Token Binding: Associate the token with a specific client characteristic (e.g., a TLS certificate via mTLS or a DPoP proof).
  • Confidential Clients: Store tokens securely on a backend server, not in public clients like mobile apps or SPAs.
  • Token Introspection: Resource servers should validate token status with the authorization server.
03

Client Impersonation

An attacker registers a malicious client that mimics a legitimate one or steals a legitimate client's credentials (client ID and secret). This allows the attacker to obtain tokens as if they were the trusted application.

Key Countermeasures:

  • Strong Client Authentication: Move beyond simple client secrets to private_key_jwt or mTLS-based client authentication.
  • Redirect URI Validation: Authorization servers must strictly validate registered redirect URIs to prevent tokens from being delivered to attacker-controlled endpoints.
  • Dynamic Client Registration Management: Scrutinize and audit client registrations.
04

Insufficient Scope Validation

A resource server fails to properly validate the scopes associated with an access token, granting the client more access than was authorized by the user. For example, a token with read scope might be accepted for a write operation.

Primary Countermeasure: Resource servers must implement strict scope checking for every API endpoint. The authorization server must include the granted scopes in the token (e.g., in a JWT scope claim) or make them available via token introspection. The resource server's policy engine must enforce these scopes.

05

Phishing & Consent Manipulation

Attackers trick users into authorizing a malicious OAuth client, often by mimicking the login page of a trusted service (phishing) or by obscuring the true scope of permissions being requested during the consent dialog.

Key Countermeasures:

  • User Education: Train users to verify the requesting application's identity and the permissions list.
  • Customizable Consent Screens: Clearly list the specific data and actions the client will access.
  • Client Identity Assurance: Use certifications (e.g., FAPI conformance) to signal high-assurance clients.
06

Credential Leakage via URI Fragments

In the Implicit Grant flow (now discouraged), the access token is returned in the URI fragment of the redirect. While fragments are not sent to the server, they may be leaked through browser history, referrer headers, or logging plugins.

Primary Countermeasure: Deprecate the Implicit Flow. Use the Authorization Code Flow with PKCE for all browser-based applications (SPAs, mobile apps). This flow returns only a short-lived code to the browser, and the token is retrieved via a secure backend channel or a client-constrained frontchannel.

OAUTH 2.0 THREAT MODEL

Frequently Asked Questions

This FAQ addresses common security questions regarding the OAuth 2.0 Threat Model, as defined in RFC 6819, which outlines the risks and countermeasures for OAuth 2.0 implementations.

The OAuth 2.0 Threat Model is a formal security analysis, documented in RFC 6819, that systematically identifies, describes, and provides mitigation strategies for common threats against OAuth 2.0 authorization frameworks. It serves as the foundational security guide for implementers, detailing how attackers might exploit weaknesses in clients, authorization servers, resource servers, and the protocol flows themselves. The model is essential for secure system design, moving beyond basic protocol compliance to proactive risk management. It covers threats like credential theft, token replay, and authorization code interception, providing the rationale for security best practices such as using PKCE, enforcing state parameters, and implementing proper token binding.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.