IMPLEMENTATION OF OAUTH 2.0 BASED ON LARAVEL FRAMEWORK IN A CASE STUDY OF CLIENT INFORMATION MANAGEMENT SYSTEM

Authors

  • Arthur Oliviana Zabka Universitas Jenderal Achmad Yani
  • Asep Id Hadiana Universitas Jenderal Achmad Yani
  • Herdi Ashaury Universitas Jenderal Achmad Yani

DOI:

https://doi.org/10.52661/j_ict.v5i2.219

Keywords:

authorization, OAuth2, API, access token, Laravel Passport

Abstract

The internet has grown rapidly, and businesses increasingly rely on it for operations such as developing information systems and using cloud-based data storage. The client data recording system discussed here is designed to record wedding photography bookings, easing the workload for employees. This growth has also introduced security concerns, particularly unauthorized access caused by weak website authorization and authentication. Securing and effectively managing access rights to information systems is therefore crucial. This study aims to implement secure website login authorization using the OAuth 2.0 method with Laravel Passport in the client data recording information system. After authentication, OAuth2 authorization as used within Laravel Passport provides users with access tokens to reach the primary interface. This process involves an API that both provides and protects the intended resources. Once authenticated and in possession of a valid access token from the OAuth2 system, users can use the token to access the API. The research outcomes enhance the security of information system access rights, aiming to reduce unauthorized breaches in websites storing vital data, thus ensuring the safety and protection of stored client data. Testing results using SQL Injection yielded 4418 messages sent and 2209 task IDs, with a current fuzzer count of 0, signifying that the system remained secure and impervious to SQL Injection attacks.

Published

2023-12-29

How to Cite

Oliviana Zabka, A., Id Hadiana, A., & Ashaury, H. (2023). IMPLEMENTATION OF OAUTH 2.0 BASED ON LARAVEL FRAMEWORK IN A CASE STUDY OF CLIENT INFORMATION MANAGEMENT SYSTEM. Journal of Informatics and Communication Technology (JICT), 5(2), 186–195. https://doi.org/10.52661/j_ict.v5i2.219

Issue

Section

Informatika