oAuth2 security needs state param

SteveJ286
Campaign Collaborator
0 Votes

I believe the oAuth2 implementation you currently have suffers from a potential security flaw.  Luckily, allowing the redirect_uri to have a state parameter that is returned with the access code solves the problem and is an easy fix.

 

See this article for a better explination - https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authen...

1 REPLY 1
Courtney_E
Moderator
0 Votes

Thank you for reaching out to Constant Contact API Developer Support and for your patience. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

Your feedback regarding the use of OAuth2.0, has been submitted for review and consideration by our team. Your experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.


Regards,

Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up

Polls
How confident are you about the effectiveness of your current marketing strategy?

Top Choice: Not confident at all (62%)