
OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub

Qiyu Li, Yuhe Tian, Haojian Jin

TL;DR

OAuthHub is a development framework that uses the user's own personal device as the intermediary controller for OAuth-based data sharing between cloud services; adopting it requires only moderate changes to application code and imposes negligible performance overhead.

Abstract

Most OAuth service providers, such as Google and Microsoft, offer only a limited range of coarse-grained data access. As a result, third-party OAuth applications often end up accessing more user data than necessary, even if their developers want to minimize data access. We present OAuthHub, a development framework that leverages users' personal devices as the intermediary controller for OAuth-based data sharing between cloud services. The key innovations of OAuthHub are: (1) the insight that discretionary data access is largely unnecessary for most OAuth apps, which typically only require access at three well-defined moments: during installation, in response to user actions, and at scheduled intervals; (2) a development framework that requires explicit declarations of intended data access and supports the three common access patterns through intermittently available personal devices; and (3) a centralized runtime permission model for managing OAuth access across providers. We evaluated OAuthHub with three real-world apps on both PCs and mobile phones and found that OAuthHub requires moderate changes to the application code and imposes negligible performance overhead. Our study with 18 developers showed that participants completed programming tasks significantly faster (9.1 vs. 18.0 minutes) with less code (4.7 vs. 15.8 lines) using OAuthHub than with conventional OAuth APIs.

Paper Structure (39 sections, 16 figures, 7 tables)


Figures (16)

  • Figure 1: OAuthHub uses personal devices (e.g., smartphones, PCs) as an intermediary controller for data sharing between third-party apps (e.g., Zoom) and service providers (e.g., Google). OAuthHub retrieves data from service providers through OAuth (a-f), filters data locally, and allows third-party apps to access it through OAuth as well (1-6).
  • Figure 2: The OAuthHub library provides APIs for: (1) generating authorization URLs, (2) exchanging access tokens, and (3) accessing data through OAuthHub. Notably, developers declare the desired access type in the initial API call (1).
  • Figure 3: OAuthHub manifest management interface on the web. The global control panel (left) shows usage statistics for the runtime and provides toggles that let users enable or disable OAuthHub. The manifests control panel (middle) manages manifests across the various services. The request logs interface (right) shows the access logs for user data retrieved via manifests, for auditing.
  • Figure 4: Example of an OAuthHub authorization interface on an Android device. The OAuthHub runtime can generate centralized notice/control interfaces by parsing the machine-readable manifests: an overview (left), the process steps (middle), and a detailed data view (right).
  • Figure 5: OAuthHub permission management interface on the web. OAuthHub allows users to specify three types of permission constraints through a centralized management interface: (A) Usage constraints: limit access frequency (e.g., twice per week) or total uses (e.g., one-time); (B) Resource constraints: restrict to specific resources (e.g., folders, file types) or obfuscate sensitive fields (e.g., names, emails); (C) Time constraints: set expiration duration (e.g., 24 hours) or restrict to specific time windows (e.g., business hours).
  • ...and 11 more figures
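The centralized runtime permission model named in the abstract and the three constraint types of Figure 5 (usage, resource, time) are the part of the design most directly shown in code. The Python below is an added example, not OAuthHub's own library or manifest format: the class names, field names, the `check`/`redact`/`serve` functions, the fixed clock `ISSUED_AT`, the `hub_key` and the sample file listing are all assumptions chosen to illustrate how a hub running on the user's device could evaluate a third-party app's request against such constraints before releasing any data.

```python
"""Local policy check for hub-mediated OAuth data access.

Added example modelled on the three constraint types in OAuthHub's Figure 5
(usage, resource, time). It is NOT the OAuthHub library API: every class,
function and field name here is an assumption chosen for illustration.
"""
from __future__ import annotations

import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class UsageConstraint:
    max_uses: int                        # e.g. 2 (one-time access is max_uses=1)
    window: Optional[timedelta] = None   # e.g. 7 days; None counts lifetime uses


@dataclass
class ResourceConstraint:
    allowed_folders: tuple[str, ...] = ()    # path prefixes the app may read; () = any
    allowed_types: tuple[str, ...] = ()      # file extensions the app may read; () = any
    obfuscated_fields: tuple[str, ...] = ()  # record fields replaced by a keyed hash


@dataclass
class TimeConstraint:
    expires_at: Optional[datetime] = None    # hard expiry of the grant
    hours: Optional[tuple[int, int]] = None  # permitted local-hour window [start, end)


@dataclass
class Permission:
    app: str
    provider: str
    usage: UsageConstraint
    resource: ResourceConstraint
    time: TimeConstraint
    history: list[datetime] = field(default_factory=list)  # timestamps of granted uses


# Constructed sample metadata standing in for a provider's file listing.
SAMPLE_FILES = [
    {"path": "/Work/q3-report.pdf", "owner_name": "Alice Example",
     "owner_email": "alice@example.com", "size": 84213},
    {"path": "/Work/notes.docx", "owner_name": "Alice Example",
     "owner_email": "alice@example.com", "size": 1201},
    {"path": "/Personal/tax-2023.pdf", "owner_name": "Alice Example",
     "owner_email": "alice@example.com", "size": 55910},
]

ISSUED_AT = datetime(2024, 3, 4, 9, 0)  # fixed clock so the example is deterministic


def at(hours_after: float) -> datetime:
    """Timestamp `hours_after` hours after the grant was issued."""
    return ISSUED_AT + timedelta(hours=hours_after)


def demo_permission() -> Permission:
    """Grant for a hypothetical app: twice a week, Work PDFs only, e-mail
    addresses obfuscated, valid 24 hours, business hours only."""
    return Permission(
        app="example-scheduler", provider="drive",
        usage=UsageConstraint(max_uses=2, window=timedelta(days=7)),
        resource=ResourceConstraint(allowed_folders=("/Work/",),
                                    allowed_types=(".pdf",),
                                    obfuscated_fields=("owner_email",)),
        time=TimeConstraint(expires_at=ISSUED_AT + timedelta(hours=24), hours=(9, 17)),
    )


def check(perm: Permission, path: str, now: datetime) -> str:
    """Evaluate one request against all three constraint types.
    Returns "ok" (and records the use) or a denial reason; denials do not
    consume the usage budget."""
    t = perm.time
    if t.expires_at is not None and now >= t.expires_at:
        return "denied: permission expired"
    if t.hours is not None and not (t.hours[0] <= now.hour < t.hours[1]):
        return "denied: outside permitted time window"
    r = perm.resource
    if r.allowed_folders and not path.startswith(r.allowed_folders):
        return "denied: folder not permitted"
    if r.allowed_types and not path.lower().endswith(r.allowed_types):
        return "denied: file type not permitted"
    u = perm.usage
    counted = perm.history if u.window is None else [h for h in perm.history if now - h < u.window]
    if len(counted) >= u.max_uses:
        return "denied: usage limit reached"
    perm.history.append(now)
    return "ok"


def redact(perm: Permission, record: dict, hub_key: bytes) -> dict:
    """Replace obfuscated fields with an HMAC so the app can still correlate
    equal values across records without learning the plaintext."""
    out = dict(record)
    for name in perm.resource.obfuscated_fields:
        if name in out:
            tag = hmac.new(hub_key, str(out[name]).encode(), "sha256").hexdigest()[:16]
            out[name] = f"redacted:{tag}"
    return out


def serve(perm: Permission, path: str, now: datetime, hub_key: bytes):
    """Hub-side handler: locate the record, authorize, then release a filtered copy."""
    record = next((f for f in SAMPLE_FILES if f["path"] == path), None)
    if record is None:
        return "denied: no such resource", None
    verdict = check(perm, path, now)
    if verdict != "ok":
        return verdict, None
    return verdict, redact(perm, record, hub_key)
```

Two design points worth noting: a denied request never consumes the usage budget, so an app cannot burn the user's weekly allowance by probing forbidden folders, and the obfuscation is keyed with a secret held only by the hub, so the app sees stable pseudonyms it can join on but cannot reverse by hashing a dictionary of candidate e-mail addresses.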