oAuth2 security needs state param

SteveJ286
Frequent Participant


I believe the oAuth2 implementation you currently have suffers from a potential security flaw.  Luckily, allowing the redirect_uri to have a state parameter that is returned with the access code solves the problem and is an easy fix.

 

See this article for a better explanation - https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authen...

Courtney_E
Moderator

Thank you for reaching out to Constant Contact API Developer Support and for your patience. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

Your feedback regarding the use of OAuth2.0 has been submitted for review and consideration by our team. Your experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.


Regards,

Courtney E.
API Support Specialist
