Managing software deployment
US-2015365437-A1 · Dec 17, 2015 · US
US12598197B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12598197-B2 |
| Application number | US-202418619162-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 28, 2024 |
| Priority date | Oct 28, 2015 |
| Publication date | Apr 7, 2026 |
| Grant date | Apr 7, 2026 |
Official abstract text for this publication.
A system and methods for detecting and mitigating authentication object forgery and manipulation attacks against services is provided, comprising a policy manager configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.
Opening claim text (preview).
What is claimed is:
1. A computing system for detecting authentication object forgery or manipulation attacks, the computing system comprising: one or more hardware processors configured for: receiving a plurality of authorization information comprising a first authentication object for a user of a service, the first authentication object comprising a first identification string known to be generated by an identity provider associated with the service; generating a security cookie for the first authentication object, wherein the security cookie forms a bijective association with the first authentication object; registering the first authentication object and the associated security cookie in an authentication ledger; receiving a request for access to the service by the user accompanied by a second authentication object; deterministically verifying, in response to the request for access, that the second authentication object includes the security cookie associated with the first authentication object by checking the authentication ledger; and generating an authentication failure when the security cookie is missing or invalid.
2. The computing system of claim 1, wherein the one or more hardware processors are further configured for: calculating a unique identifier for the first authentication object by performing a plurality of calculations and transformations on the first authentication object; and linking the unique identifier to the security cookie to use in checking the authentication ledger for subsequently received authentication objects.
3. The computing system of claim 1, wherein the plurality of authorization information comprises a plurality of network packets obtained from network traffic logs.
4. The computing system of claim 3, wherein the plurality of network packets is encrypted.
5. The computing system of claim 3, wherein the plurality of network packets is unencrypted.
6. The computing system of claim 1, wherein the plurality of authorization information comprises a plurality of event log data.
7. The computing system of claim 1, wherein the first authentication object is an Open Authentication 2.0 (OAuth2) access token generated by the identity provider.
8. The computing system of claim 1, wherein the authentication ledger is a distributed digital ledger.
9. The computing system of claim 1, wherein the security cookie is based at least in part on an existing property of the first authentication object.
10. The computing system of claim 1, wherein the security cookie is based at least in part on session metadata for the user of the service based on device information, biometric indications, or behavioral indications.
11. The computing system of claim 1, wherein the security cookie forms a bijective association between an authentication event and a session associated with the authorization information, wherein the bijective association between the authentication event and the session associated with the authorization information can be used to link subsequent actions within the session back to the user of the service.
12. A computer-implemented method executed for detecting authentication object forgery or manipulation attacks, the computer-implemented method comprising: receiving a plurality of authorization information comprising a first authentication object for a user of a service, the first authentication object comprising a first identification string known to be generated by an identity provider associated with the service; generating a security cookie for the first authentication object, wherein the security cookie forms a bijective association with the first authentication object; registering the first authentication object and the associated security cookie in an authentication ledger; receiving a request for access to the service by the user accompanied by a second authentication object; deterministically verifying, in response to the request for access, that the second authentication object includes the security cookie associated with the first authentication object by checking the authentication ledger; and generating an authentication failure when the security cookie is missing or invalid.
13. The computer-implemented method of claim 12, further comprising: calculating a unique identifier for the first authentication object by performing a plurality of calculations and transformations on the first authentication object; and linking the unique identifier to the security cookie to use in checking the authentication ledger for subsequently received authentication objects.
14. The computer-implemented method of claim 12, wherein the plurality of authorization information comprises a plurality of network packets obtained from network traffic logs.
15. The computer-implemented method of claim 14, wherein the plurality of network packets is encrypted.
16. The computer-implemented method of claim 14, wherein the plurality of network packets is unencrypted.
17. The computer-implemented method of claim 12, wherein the plurality of authorization information comprises a plurality of event log data.
18. The computer-implemented method of claim 12, wherein the first authentication object is an Open Authentication 2.0 (OAuth2) access token generated by the identity provider.
19. The computer-implemented method of claim 12, wherein the authentication ledger is a distributed digital ledger.
20. The computer-implemented method of claim 12, wherein the security cookie is based at least in part on an existing property of the first authentication object.
21. The computer-implemented method of claim 12, wherein the security cookie is based at least in part on session metadata for the user of the service based on device information, biometric indications, or behavioral indications.
22. The computer-implemented method of claim 12, wherein the security cookie forms a bijective association between an authentication event and a session associated with the authorization information, wherein the bijective association between the authentication event and the session associated with the authorization information can be used to link subsequent actions within the session back to the user of the service.
23. A system for detecting authentication object forgery or manipulation attacks, comprising one or more computers with executable instructions that, when executed, cause the system to: receive a plurality of authorization information comprising a first authentication object for a user of a service, the first authentication object comprising a first identification string known to be generated by an identity provider associated with the service; generate a security cookie for the first authentication object, wherein the security cookie forms a bijective association with the first authentication object; register the first authentication object and the associated security cookie in an authentication ledger; receive a request for access to the service by the user accompanied by a second authentication object; deterministically verify, in response to the request for access, that the second authentication object includes the security cookie associated with the first authentication object by checking the authentication ledger; and generate an authentication failure when the security cookie is missing or invalid.
24. The system of clai
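The following is an added illustration of the mechanism claims 1, 2 and 10 describe, written for this page; it is not code from the patent or its assignee. It models the authentication object as an opaque token string issued by an identity provider, derives a security cookie that is bound one-to-one to that token (and to constructed session metadata such as a device fingerprint), records the pair in an in-memory ledger, and then verifies a later access request deterministically against that ledger, failing when the cookie is missing, invalid, or presented from a different session. The HMAC key, the `AuthenticationLedger` class and all sample tokens are assumptions chosen for the example.

```python
"""Added example (not the patent's own code): a minimal model of claim 1.

The identity provider's token is observed by a policy manager, a hashing
engine derives a security cookie for it, and the (token id, cookie) pair is
registered in an authentication ledger.  Every later access request must
present the token together with its cookie; the verifier consults the ledger
and raises an authentication failure on any mismatch.
"""
import hashlib
import hmac
from typing import Dict, Optional, Tuple


class AuthenticationLedger:
    """Ledger plus hashing engine; the HMAC key is a hypothetical secret
    held only by the policy manager, never by the client."""

    def __init__(self, ledger_key: bytes):
        self._key = ledger_key
        # token id -> (security cookie, session metadata seen at registration)
        self._entries: Dict[str, Tuple[str, str]] = {}

    @staticmethod
    def token_id(token: str) -> str:
        # Claim 2: a unique identifier computed from the authentication object,
        # so the raw token itself never needs to be stored in the ledger.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def make_cookie(self, token: str, session_metadata: str) -> str:
        # Claims 9 and 10: the cookie depends on a property of the token (its
        # id) and on session metadata (e.g. a constructed device fingerprint).
        # Each token maps to exactly one cookie and each cookie is recorded
        # against exactly one token id, which is the bijective association.
        msg = (self.token_id(token) + "|" + session_metadata).encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def register(self, token: str, session_metadata: str) -> str:
        """Policy manager observes a newly issued token; returns its cookie."""
        cookie = self.make_cookie(token, session_metadata)
        self._entries[self.token_id(token)] = (cookie, session_metadata)
        return cookie

    def verify(self, token: str, cookie: Optional[str],
               session_metadata: str) -> Tuple[bool, str]:
        """Deterministic check of a later access request against the ledger."""
        entry = self._entries.get(self.token_id(token))
        if entry is None:
            # Token never observed at the identity provider: treat as forged.
            return False, "unregistered authentication object"
        if cookie is None:
            return False, "security cookie missing"
        expected_cookie, _registered_metadata = entry
        if not hmac.compare_digest(expected_cookie, cookie):
            return False, "security cookie invalid"
        # Recompute with the metadata of the current request so that a valid
        # token/cookie pair replayed from a different session is also rejected.
        if not hmac.compare_digest(self.make_cookie(token, session_metadata), cookie):
            return False, "session metadata does not match registered session"
        return True, "ok"


def run_scenarios() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenarios showing which requests pass and which fail."""
    ledger = AuthenticationLedger(b"example-ledger-key")       # assumption
    token = "idp-issued-token-0001"                             # constructed
    cookie = ledger.register(token, "device-fingerprint-A")     # constructed
    return {
        "valid request": ledger.verify(token, cookie, "device-fingerprint-A"),
        "cookie missing": ledger.verify(token, None, "device-fingerprint-A"),
        "forged token": ledger.verify("never-issued-token", cookie, "device-fingerprint-A"),
        "tampered cookie": ledger.verify(token, "0" * 64, "device-fingerprint-A"),
        "replayed from other device": ledger.verify(token, cookie, "device-fingerprint-B"),
    }


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:28s} -> {'PASS' if ok else 'FAIL'} ({reason})")
```

Only the "valid request" scenario passes; the other four produce the authentication failure claim 1 calls for, each with a distinct reason that a service could log for detection purposes.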
providing single-sign-on or federations · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
using hash chains, e.g. blockchains or hash trees · CPC title
the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title
Vulnerability analysis · CPC title