that, the HTTPS request contains the user credentials
and a parameter, sig, which is the hash of the param-
eters on the request calculated using a specific value
stored in the FB client app. As a response to the au-
thentication request (Step 5), FB client gets the user
information, among which there is the user’s identi-
fier (u id ), and an access token (token FB). token FB
is used by the FB client to obtain configuration and
user information. Note that, token FB has no expira-
tion date, but can be invalidated by the user either by
changing password or logging-out in the device.
Remark 1. We can observe that Steps 3-5 of Figure 5
correspond to the steps of Figure 2 with the User,
FB client and FB server playing the role of OAuth
RO, C and AS respectively. As the RO password cre-
dential, the FB implementation eliminates the need
for storing the user credentials for future use, by ex-
changing the credentials with a long-lived access to-
ken (token FB).
In Step 6, using the Android method
getPackageInfo(client packageName, Package
Manager.GET SIGNATURES) FB client extracts
the information about the certificate fingerprint
(key hash) included in the package of C, and in
Step 7, it sends a token request for C to FB server,
including C id, key hash and u id. First, FB server
checks whether the provided key hash matches
the one previously provided by the developer for
the given C id in the registration phase. If there
is no match then the flow is interrupted with an
error, otherwise FB server checks whether the user
authorized C. If C was not authorized by the user,
the response (Step 8) contains a consent form. The
consent form asks the user to grant or deny C to read
the profile information. Otherwise, if C was already
authorized by the user, the consent phase is skipped.
If the user agrees, the response (Step 9) contains the
access token for C (token C). In Step 10, FB client
returns control to C and provides token C as result of
the invoked Activity (see Step 2).
Remark 2. At this point, it is interesting to do an-
other comparison with the OAuth flows. We have
that Steps 2 and 7-10 of Figure 5 can be compared
with Steps 1-3 and 6-7 of Figure 3 with the User, C,
FB client, and FB server playing the role of OAuth
RO, C, UA, and AS, respectively. We can observe that
in the FB solution the WHCR entity is missing. The
WHCR is the server side of C and is needed to give
to the UA the instructions to interpret the fragment
values (e.g., access token value) returned in Step 3
and pass them to C. This procedure has been designed
to manage the same-origin policy when Cs are web
browser applications. Many native apps do not have
a corresponding server, so in the FB native solution,
the redirection URI is the same for every native app
and has the value fbconnect://success. Indeed, it
is the FB client that received the script and read the
access token out of the URI. In addition, we observe
that Step 8 of Figure 5 corresponds to Step 2 of Fig-
ure 3 without the user login (the user identity is passed
using the u id parameter).
Finally, C sends a request (Step 11) to the FB server
including token C to obtain the user information. C
obtains the user information from FB and this proves
that C is under control of the corresponding user.
By analyzing the FB solution, we have noticed
that it is the combination of two OAuth flows (Re-
source Owner password credential and Implicit), and
the FB client app has two purposes: (i) it permits FB
to authenticate C, and (ii) manages the SSO process
(user authentication and access token release). In ad-
dition, we observe that the FB solution satisfies the re-
quirements expected for a SSO solution: (i) a user has
to register only with the FB server and can use her FB
credentials with different native apps (Cs). This sat-
isfies requirements (R1); (ii) using FB client allows
user to enter her FB credentials just once, and the
app will store the authenticated session. Every time
a native app requires to login with the FB server, the
FB client will employ the stored session without ask-
ing the user for credentials again. This satisfies (R2).
3.3 Security Assumptions and Threat
Model
In order to perform a security analysis of the Face-
book solution, we need to identify security assump-
tions and threat model of a native SSO flow. We de-
cide to express these assumptions for a generalized
SSO solution, where the entities involved are: the hu-
man participant (User), the server that authenticates
the user (IdP server), the native app that manages au-
thentication and token exchange (IdP client), and the
native app that uses the authentication assertions of
the IdP (C).
3.3.1 Assumptions
The exchange of authentication assertions among the
different entities are regulated by the following as-
sumptions:
(A1) IdP server is trusted by C on identity asser-
tions;
(A2) users download and install the proper
IdP client apps (i.e., IdP client is authentic and
SECRYPT 2016 - International Conference on Security and Cryptography
152