SPL Token Exchange
- Aiyan Jiang
- 1 Endpoint Protection
- 1.1 Structure
- 1.2 Token Attainment
- 1.2.1 Scope
- 1.3 Potential Vulnerabilities
- 1.3.1 Token Sidejacking
- 2 Access Code Exchange
- 2.1 Requirements
- 2.2 Structure
work in progress subject to change
Endpoint Protection
The method by which secure endpoints are protected.
The planned method of authenticating HTTP requests from the Safe Places web app is to use a JSON Web Token (JWT).
The rationale behind the decision is due to the token’s ability to retain potentially sensitive information (JWT claims) in transit while maintaining its data integrity via key-signing.
Structure
Header
{
"alg": "HS256",
"typ": "JWT"
}Payload
{
"sub": "<username>",
"role": "<user_role">,
"context": "<hashed_cookie_context">,
"iat": "<issue_date">,
"exp": "<expiration_date">
}Variable | Description |
|---|---|
| The username of the authorized user. |
| The role of the user. |
| The hashed context of the session. This will be compared to a sent cookie. See the “Potential Vulnerabilities” section for more details. |
| (Built-in to JWT) The date the token was issued. Note that the date is the number of seconds since Jan 1 1970. This is the equivalent of the Javascript |
| The date the token expires. |
Token Attainment
The method by which the token will be securely obtained by the Safe Places web app.
Scope
The Safe Places backend will not be handling the management of the user pool.
Token attainment will largely depend on the health authority. To accommodate common methods of identity management, the Safe Places backend will enable compatibility with Lightweight Directory Access Protocol (LDAP) and/or Active Directory (AD).
SPL Web App sends the
usernameandpasswordto SPL Backend.SPL Backend uses DN resolution based on the sent username.
LDAP Server responds with the distinguished name (DN) of the user.
SPL Backend runs the
bindcommand to validate theDNandpassword.LDAP Server responds with either success or failure.
If successful, SPL Backend issues a JSON Web Token with appropriate permissions to the client.
Potential Vulnerabilities
Token Sidejacking
An attacker may steal the token from the authorized user and use it for nefarious purposes. To mitigate this attack, we will employ token contextualization.
We generate a random string during the authentication phase and send it to the client as a cookie.
The cookie must have the flags
HttpOnly,Secure, andSameSite.
We store a SHA256 hash of the random string in the token as
context.
During token validation, we compare the token context with the sent cookie. If they are different, then reject the request.
Access Code Exchange
The method by which access tokens for consent are generated and exchanged.
The planned method for generating an access code to be communicated to the member of the public (MoP) is generating a fixed-length numeric code.
Requirements
The numeric code must be generated with a cryptographically secure random number generator.
The code must be short enough and unambiguous so that it can be communicated verbally over the telephone.
The code must be long enough so that an attacker cannot brute-force the code.
This problem can be remediated by rate-limiting the access code endpoint.
Structure
Numeric digits allow us log2(10) = 3.32 bits of entropy per character. RFC 4086 recommends 29 bits of entropy for a password dependent on online authentication.
To meet that, we would need roughly 8 digits to have a decently-secured access code. Through key-stretching via simple HTTP rate-limiting, while considering accessibility, we can likely reduce the requirement to 6 digits.
An example of an access code would be as follows:
123759