The Auth. Request Analyser (AuRA) Chromium extension aims to support the analysis of OAuth and OpenID Connect implementations, by offering semi-automated analysis and attack capabilities for Authorization/Authentication Requests.

During my master’s thesis, I created custom OpenID Connect Service Provider (SP) and Identity Provider (IdP) implementations for research and Proof-of-Concept purposes. Both implementations use NodeJS. This post outlines their capabilities and how they can be extended.