OAuch is a security best practices and threats analyzer for OAuth 2.0 server implementations. Its main goal is to encourage providers to secure their services by pointing out security improvements that could be made in the implementation and uncovering relevant threats. OAuth implementations are semi-automatically tested using a large set of security-related test cases. The tests are based on the requirements put forth by the original OAuth 2.0 specification, as well as a number of other documents that refine the security assumptions and requirements. These documents include the OAuth threat model, the Security Best Current Practices, and others. In addition to OAuth, OAuch also supports OpenID Connect providers.
OAuch is offered for free. It was initially developed in the context of an API security project. OAuch will soon be open sourced. If you wish to contribute to the project, please check back later.
Contact the OAuch team at email@example.com
PRIVACY and COOKIES
OAuch does not collect any personal information.
Functional cookies are used for essential services (user authentication and security). The OAuch website does not use tracking cookies whatsoever.
The OAuch logo is based on the OAuth logo created by Chris Messina. The logo is released under the Creative Commons Attribution ShareAlike 3.0 license.