OAuch is a security best practices and threats analyzer for OAuth 2.0 server implementations. Its main goal is to encourage providers to secure their services by pointing out security improvements that could be made in the implementation and uncovering relevant threats. OAuth implementations are semi-automatically tested using a large set of security-related test cases. The tests are based on the requirements put forth by the original OAuth 2.0 specification, as well as a number of other documents that refine the security assumptions and requirements. These documents include the OAuth threat model, the Security Best Current Practices, and others. In addition to OAuth, OAuch also supports OpenID Connect providers.
OAuch is offered for free. It was initially developed in the context of an API security project. OAuch is open source. You can find a repository with an anonymized version of the source code and without source code comments on BitBucket. The code has been anonymized because the submission process of the academic paper that describes OAuch requires this. The final repository with the non-anonymized source code will be referenced here as soon as possible.
Contact the OAuch team at firstname.lastname@example.org
PRIVACY and COOKIES
OAuch does not collect any personal information.
Functional cookies are used for essential services (user authentication and security). The OAuch website does not use tracking cookies whatsoever.
The OAuch logo is based on the OAuth logo created by Chris Messina. The logo is released under the Creative Commons Attribution ShareAlike 3.0 license.