Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ManuelBerrueta/FlowAnalyzer

FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
https://github.com/ManuelBerrueta/FlowAnalyzer

appsec identity oauth oauth2 oidc openid openid-connect redteam security security-tools

Last synced: 8 days ago
JSON representation

FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).

Host: GitHub
URL: https://github.com/ManuelBerrueta/FlowAnalyzer
Owner: ManuelBerrueta
License: mit
Created: 2024-07-08T13:35:37.000Z (4 months ago)
Default Branch: main
Last Pushed: 2024-07-08T14:32:40.000Z (4 months ago)
Last Synced: 2024-08-01T13:28:48.399Z (3 months ago)
Topics: appsec, identity, oauth, oauth2, oidc, openid, openid-connect, redteam, security, security-tools
Language: Jupyter Notebook
Homepage:
Size: 36.1 KB
Stars: 111
Watchers: 1
Forks: 7
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        ![FlowAnalyzer](FlowAnalyzer.png)

## Flow Analyzer

**Flow Analyzer** is designed for helping in low level understanding and testing of OAuth 2.0 Grants/Flows.

Although my use cases are from the security side of things, it can be beneficial from an engineer's point of view as well 😊     

- You'll find the notebooks to execute the flows under the `/Flows` directory and a brief explanation of each flow in `/Flows/Flows.md`.

    - The flows themselves are separated in their corresponding directory, in my attempt to keep things tidy!

- If you are interested in playing around with certificate authentication, check out the `/Cert_Setup` directory for details on how to do it and set it up.

  

### Setup:

To get started please see `SETUP.md` as for a tiny bit of setup to get everything working 😊.

    

> [!WARNING] ⚠ The code here is not meant to be used to do any formal AuthN or AuthZ checks in **Production** applications. These are meant for **testing** ONLY! Believe me there are a lot of things that can go wrong here!

> Please use the [Microsoft identity platform authentication libraries](https://learn.microsoft.com/en-us/entra/identity-platform/reference-v2-libraries) for production code.  

> You can also take a look at [Libraries for Token Signing/Verification @ JWT.io](https://jwt.io/libraries)

---     

### OpenID Connect (OIDC)

OAuth 2.0 was designed for authorization. OpenID Connect (OIDC) extends the OAuth 2.0 functionality to provide authentication. To find out more about OIDC, check the `/OpenID_Connect-OIDC` directory.

---     

### JSON Web Tokens aka JWT(s) 

If we are talking about OAuth and modern authentication we can't skip talking about JWTs, as these are the type of tokens we will be working with.

For further insights, please see `/JWT/JWT.md`.