Abstract
The subject of this research is methods and techniques for secure user authentication in web applications. The goal of the work is to analyse authentication methods and implement a web application with an authentication system that integrates JWT tokens and the OAuth 2.0 standard. The article addresses the following tasks: analysis of the main protocols and methods of user authentication in web applications; implementation of authentication based on the OAuth 2.0 standard and JWT access/refresh tokens; and analysis of the risks of vulnerabilities and attacks for the implemented web applications. Methods used: comparison, empirical analysis, calculation methods. The following results were obtained: the protocols and methods of user authentication in web applications were analysed; the JWT token and the OAuth 2.0 standard were selected as authentication methods for building modern web applications; a web application based on the selected authentication methods was created; the risks of vulnerabilities and attacks in web applications were analysed. Conclusions: The most well-known authentication methods for web applications were analysed. It is established that most modern authentication methods have many disadvantages, which leads to increased risks when using them. It is shown that one of the most reliable methods of securing web application user data is the combination of JWT access/refresh tokens and browser fingerprints. The implementation, configuration, and analysis of this methodology have shown that this combination provides the most reliable prevention of token theft and use from another computer. OAuth 2.0 authentication was also implemented. The study found that delegating authentication to services such as Facebook or Google can provide a low risk of attacks and vulnerabilities for a web application.
It is noted that authentication using OAuth 2.0 can be compromised only at the beginning of the connection between the client and the server, or more precisely when the client first sends the initial information from the browser fingerprint. This information is sent over the secure HTTPS (Hypertext Transfer Protocol Secure) protocol, so the risk of compromising OAuth 2.0 authentication is low.
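The abstract names the combination of JWT access/refresh tokens and browser fingerprints without showing the mechanism; the following is an added example, not the authors' implementation, of one way to bind a refresh token to a fingerprint hash so that a copied token is rejected from another machine. The signing key, the `fph` claim name, the function names and the sample fingerprint strings are assumptions, and HS256 is built from the Python standard library.

```python
import base64, hashlib, hmac, json, time

SECRET = b"demo-only-signing-key"  # assumption: a real key comes from a secret store

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def fp_hash(fingerprint: str) -> str:
    # Only a hash of the fingerprint goes into the token, never the raw value.
    return hashlib.sha256(fingerprint.encode()).hexdigest()

def issue_refresh(user: str, fingerprint: str, ttl: int = 3600, now=None) -> str:
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "exp": now + ttl, "fph": fp_hash(fingerprint)}
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64e(sig)}"

def verify_refresh(token: str, fingerprint: str, now=None) -> str:
    """Return the subject, or raise ValueError naming the failed check."""
    now = int(time.time()) if now is None else now
    header, body, sig = token.split(".")  # wrong part count raises ValueError
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64d(sig)):
        raise ValueError("bad signature")
    if json.loads(b64d(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(b64d(body))
    if claims["exp"] <= now:
        raise ValueError("expired")
    # The fingerprint presented with this request must match the one bound at issue time.
    if not hmac.compare_digest(claims["fph"], fp_hash(fingerprint)):
        raise ValueError("fingerprint mismatch")
    return claims["sub"]

# Constructed sample fingerprints (assumed to be derived from browser traits).
LAPTOP = "ua=Firefox/126;tz=Europe/Kyiv;screen=1920x1080"
OTHER = "ua=Chrome/125;tz=UTC;screen=1366x768"

if __name__ == "__main__":
    tok = issue_refresh("alice", LAPTOP)
    print("same browser:", verify_refresh(tok, LAPTOP))
    try:
        verify_refresh(tok, OTHER)
    except ValueError as err:
        print("other browser:", err)
```

A fingerprint is client-supplied data rather than a secret, so this binding only helps when the token and the fingerprint inputs are not captured together.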
More From: INNOVATIVE TECHNOLOGIES AND SCIENTIFIC SOLUTIONS FOR INDUSTRIES