BUILDING WEB APPLICATIONS WITH MODERN AUTHENTICATION SYSTEMS BASED ON OAUTH 2.0 PKCE AND BIOMETRICS TO ENHANCE THE CYBER RESILIENCE OF THESE APPLICATIONS

Authors

DOI:

https://doi.org/10.32782/IT/2024-4-30

Keywords:

OAuth 2.0, PKCE, web programming, cybersecurity, authentication, biometric systems, web platforms, cyber resilience.

Abstract

The modern business world is technically founded on the integration of various business platforms, including web applications and web platforms. This integration covers not only data transfer and synchronization but also the synchronization of the business processes and decision-making processes governed by those data. The integrity and cybersecurity of such data are therefore key to mitigating risks and laying the groundwork for sound decisions. Amid the rapid development of digital technologies and the significant rise in cyber threats, securing business web applications has become particularly relevant and is often an essential part of corporate strategy when selecting or creating new web systems. One of the primary tools for securing integrations between web platforms is the OAuth 2.0 protocol with the Proof Key for Code Exchange (PKCE) mechanism.

Objective. The aim of this work is to provide an analytical review of the technical aspects of the practical implementation of the OAuth 2.0 protocol and to propose an improvement to it through the application of biometric technologies together with the Proof Key for Code Exchange (PKCE) algorithm, which is particularly important to understand when developing web applications (web programming). Specifically, the proposed approach combines biometric verification with the phase in which the user delegates rights to a client application.

Methodology. The study applies a comprehensive approach that includes an analysis of the operating principles of the OAuth 2.0 protocol and the modeling of potential threats during the user's delegation of rights to the client application. The research methodology comprised a theoretical analysis of the literature on cybersecurity and biometric verification technologies, theoretical modeling of possible attack scenarios, and the implementation of an additional authentication layer.

Scientific novelty. This work investigates for the first time the potential vulnerability of the OAuth 2.0 PKCE protocol to social engineering during the delegation of user rights to a client application. An innovative approach is proposed to strengthen this stage by implementing biometric verification based on a unique algorithm that provides an enhanced level of protection against attacks using social manipulation techniques.

Conclusions. Ensuring the security of web platform integrations is a critical aspect for businesses in the modern business environment. Protecting the process by which the user delegates rights to the client application is particularly important, as this stage is vulnerable to attacks, including social engineering. The proposed improvement of the OAuth 2.0 protocol with the Proof Key for Code Exchange (PKCE) mechanism, through the integration of biometric verification at the rights delegation stage, provides an additional layer of protection that reduces the risks associated with social manipulation. The proposed approach can therefore be applied in web programming practice to achieve a higher level of integration security where cyber resilience is of utmost importance.
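The abstract names the OAuth 2.0 authorization code flow with PKCE as the baseline mechanism that the paper builds on. The following example, added here and not taken from the paper, shows what PKCE actually binds: the client generates a random code_verifier, sends only its S256 code_challenge in the authorization request, and later proves possession of the verifier at the token endpoint, so an authorization code captured in transit cannot be redeemed without it. The AuthorizationServer class, run_demo and the constructed client_id and redirect_uri values are assumptions made for the example; the test vector comes from RFC 7636 Appendix B. The biometric verification step that the paper proposes at the delegation stage is not shown, because the page does not describe its algorithm.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    # RFC 7636 uses base64url without '=' padding for both verifier and challenge.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    # RFC 7636 section 4.1: 43..128 characters from [A-Za-z0-9-._~].
    # 32 random bytes encode to exactly 43 base64url characters.
    return b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str, method: str = "S256") -> str:
    # S256 is the method clients should use; "plain" exists only for clients
    # that cannot hash and gives no protection against a code interception.
    if method == "S256":
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError("unsupported code_challenge_method")


class AuthorizationServer:
    """Minimal in-memory model of the PKCE-relevant parts of an authorization
    server (assumption for this example, not a production implementation)."""

    def __init__(self) -> None:
        self._pending: dict[str, tuple[str, str, str, str]] = {}

    def authorize(self, client_id: str, redirect_uri: str,
                  code_challenge: str, code_challenge_method: str) -> str:
        # The challenge is stored with the issued code; the verifier never
        # appears in this front-channel request.
        if code_challenge_method not in ("S256", "plain"):
            raise ValueError("unsupported code_challenge_method")
        code = secrets.token_urlsafe(24)
        self._pending[code] = (client_id, redirect_uri, code_challenge, code_challenge_method)
        return code

    def token(self, client_id: str, redirect_uri: str, code: str, code_verifier: str):
        # Single use: the code is removed whether or not the exchange succeeds,
        # so a replayed code fails even with the right verifier.
        entry = self._pending.pop(code, None)
        if entry is None:
            return None
        stored_client, stored_redirect, challenge, method = entry
        if client_id != stored_client or redirect_uri != stored_redirect:
            return None
        if not 43 <= len(code_verifier) <= 128:
            return None
        expected = make_code_challenge(code_verifier, method)
        # Constant-time comparison of the recomputed challenge with the stored one.
        if not hmac.compare_digest(expected, challenge):
            return None
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def run_demo() -> dict:
    """Exercise the three cases a practitioner cares about and return the outcomes."""
    server = AuthorizationServer()
    client_id, redirect_uri = "demo-client", "https://client.example/callback"  # constructed

    # Legitimate client: keeps the verifier, sends only the challenge up front.
    verifier = make_code_verifier()
    code = server.authorize(client_id, redirect_uri, make_code_challenge(verifier), "S256")
    legitimate = server.token(client_id, redirect_uri, code, verifier) is not None

    # Someone holding only a captured code (no verifier) cannot redeem it.
    verifier2 = make_code_verifier()
    code2 = server.authorize(client_id, redirect_uri, make_code_challenge(verifier2), "S256")
    intercepted = server.token(client_id, redirect_uri, code2, make_code_verifier()) is not None

    # Replaying an already-redeemed code fails even with the correct verifier.
    replay = server.token(client_id, redirect_uri, code, verifier) is not None

    return {"legitimate": legitimate, "intercepted": intercepted, "replay": replay}


if __name__ == "__main__":
    print(run_demo())
```

The verifier check and the single-use code are the two server-side properties that make PKCE effective; a server that skips either one leaves the authorization code exchange no stronger than the plain OAuth 2.0 public-client flow.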

Published

2025-02-18