You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The "state" parameter is used to link client requests and prevent
CSRF attacks, for example, attacks against the redirect URI. An
attacker could inject their own authorization "code" or access token,
which can result in the client using an access token associated with
the attacker's protected resources rather than the victim's (e.g.,
save the victim's bank account information to a protected resource
controlled by the attacker).
The client should utilize the "state" request parameter to send the
authorization server a value that binds the request to the user
agent's authenticated state (e.g., a hash of the session cookie used
to authenticate the user agent) when making an authorization request.
Once authorization has been obtained from the end user, the
authorization server redirects the end-user's user agent back to the
client with the required binding value contained in the "state"
parameter.
The binding value enables the client to verify the validity of the
request by matching the binding value to the user agent's
authenticated state.
The text was updated successfully, but these errors were encountered:
The "state" parameter is used to link client requests and prevent
CSRF attacks, for example, attacks against the redirect URI. An
attacker could inject their own authorization "code" or access token,
which can result in the client using an access token associated with
the attacker's protected resources rather than the victim's (e.g.,
save the victim's bank account information to a protected resource
controlled by the attacker).
The client should utilize the "state" request parameter to send the
authorization server a value that binds the request to the user
agent's authenticated state (e.g., a hash of the session cookie used
to authenticate the user agent) when making an authorization request.
Once authorization has been obtained from the end user, the
authorization server redirects the end-user's user agent back to the
client with the required binding value contained in the "state"
parameter.
The binding value enables the client to verify the validity of the
request by matching the binding value to the user agent's
authenticated state.
The text was updated successfully, but these errors were encountered: