Third-party authentication and authorization login has been adopted by MicroBlog, WeChat, Baidu and other open platforms, and this login mechanism is now widely used in various fields in our country. As a result, the OAuth protocol, the standard protocol for the authentication and authorization systems of open platforms, is closely watched. Many studies show that the OAuth 2.0 protocol, which is widely used on these open platforms, is vulnerable to phishing attacks, man-in-the-middle attacks and CSRF attacks in its implementations. To resist phishing, the most common of these attacks on the network, this paper proposes a solution that improves the OAuth 2.0 authorization mechanism by preventing the attacker from masquerading as an authorization server, and proves the security and effectiveness of the improved authorization mechanism. It provides a reference for the security improvement of the OAuth 2.0 protocol.
Computer Applications and Software