oAuth2 security needs state param

SteveJ286
Frequent Participant


I believe the oAuth2 implementation you currently have suffers from a potential security flaw.  Luckily, allowing the redirect_uri to have a state parameter that is returned with the access code solves the problem and is an easy fix.

 

See this article for a better explanation - https://medium.com/securing/what-is-going-on-with-oauth-2-0-and-why-you-should-not-use-it-for-authen...
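The check that a returned state parameter makes possible, seen from the client application's side. This is an added example, not part of the original post and not the provider's code. The endpoint, client ID, redirect URI and the `session` dict are hypothetical, and the code assumes the authorization server echoes `state` back unchanged with the code.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical values for illustration; not taken from any real provider.
AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"


class StateMismatch(Exception):
    """The callback did not carry the state issued to this session."""


def build_authorization_url(session: dict) -> str:
    """Start the flow: mint an unguessable state and bind it to the user's session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if state matches the one this session issued."""
    params = parse_qs(urlsplit(callback_url).query)
    # Pop so the state is single use, even when the check below fails.
    expected = session.pop("oauth_state", None)
    received = params.get("state", [])
    if expected is None or len(received) != 1:
        raise StateMismatch("state missing, repeated, or no flow in progress")
    # Constant-time comparison of the issued and returned values.
    if not hmac.compare_digest(expected.encode(), received[0].encode()):
        raise StateMismatch("state does not match this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one code")
    return codes[0]
```

A callback that arrives in a session that never started a flow, or that carries another session's state, is rejected before the code is exchanged.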
