MDX Limo

System Architecture (In Scope)

Components

| Component | Runtime/Host | Purpose |
|---|---|---|
| User Browser | User-controlled client | Initiates login/OAuth flows and holds authenticated session context |
| Web App | Next.js on Vercel | Authentication routes, OAuth initiation/callback handling, account settings |
| Supabase Auth + Postgres | Managed auth + database | Session issuance/validation, identity records, OAuth connection persistence |
| Google OAuth Endpoints | Google APIs | OAuth authorization code grant and token issuance |

In-Scope Data Stores

| Store | Purpose |
|---|---|
| Supabase | Auth identities, session context, OAuth connection records, profile identity data |

Trust Boundaries (Web Auth)

| ID | Boundary | Authentication | Transport |
|---|---|---|---|
| WB1 | Internet client to Web app | Supabase session tokens/JWT after login | TLS |
| WB2 | Web app to Supabase | Server-side trusted credentials + user session context | TLS |
| WB3 | Web app to Google OAuth | OAuth client credentials + PKCE/state controls | TLS |
| WB4 | Google OAuth callback to Web app | Signed OAuth response artifacts + state verification | TLS |

Data Classification (Web Auth)

| Classification | Examples | Storage | Encryption |
|---|---|---|---|
| Critical | OAuth access/refresh tokens, session tokens, auth secrets | Supabase + server-side secret storage | AES-256-GCM at rest for token fields, TLS in transit |
| Sensitive | User identity/profile attributes, OAuth connection metadata, granted scopes | Supabase | TLS in transit, ownership controls via RLS |
| Internal | Auth operational metadata and security event telemetry | Operational logging systems | TLS in transit |

STRIDE Analysis (Web Auth)

1. Spoofing

| Threat | Attack Vector | Impact | Mitigation | Status |
|---|---|---|---|---|
| User session spoofing | Forged/stolen session token | Unauthorized account access | Session validation on protected routes; short-lived access token model | Mitigated |
| OAuth callback spoofing | Forged OAuth callback parameters | Account linking hijack | Signed/validated OAuth state and callback verification controls | Mitigated |

2. Tampering

| Threat | Attack Vector | Impact | Mitigation | Status |
|---|---|---|---|---|
| OAuth token tampering at rest | Database record tampering | Unauthorized API access | Encrypted token storage (AES-256-GCM) with integrity properties | Mitigated |
| Auth request tampering | Modified request body/headers | Unauthorized auth behavior | Server-side validation, strict route handling, and TLS transport | Mitigated |

3. Repudiation

| Threat | Attack Vector | Impact | Mitigation | Status |
|---|---|---|---|---|
| User denies account-link action | Dispute over OAuth connection actions | Audit/compliance gap | Auth event logging with user/session attribution | Mitigated |

4. Information Disclosure

| Threat | Attack Vector | Impact | Mitigation | Status |
|---|---|---|---|---|
| Credential leakage in logs | Tokens/secrets exposed in logs/errors | Credential compromise | Secret redaction and policy of not logging credentials | Mitigated |
| Cross-user data disclosure | Broken authz or ownership checks | PII leakage | RLS ownership policies and server-side access enforcement | Mitigated |

5. Denial of Service

| Threat | Attack Vector | Impact | Mitigation | Status |
|---|---|---|---|---|
| Auth endpoint abuse | Brute force / request flooding | Login degradation or lockout abuse | Rate-limiting and anti-automation controls on auth-sensitive routes | Mitigated |

6. Elevation of Privilege

| Threat | Attack Vector | Impact | Mitigation | Status |
|---|---|---|---|---|
| Privilege escalation through auth context manipulation | Tampered user context | Unauthorized privileged actions | Trusted server-side context derivation and validation of auth attributes | Mitigated |
| Service credential compromise | Exposure of privileged server-side key | Broad data access | Secrets stored server-side only, operational rotation procedures | Mitigated |
| Weak password policy bypass | Low-strength credential acceptance | Account takeover risk | Minimum password length and secure password-change controls | Mitigated |