You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It looks like the state parameter is needed in POST requests to the auth endpoint on IndieAuth.com. Is this actually really required in order for IndieAuth to be safe?
The text was updated successfully, but these errors were encountered:
The state parameter is used to prevent CSRF attacks. See http://tools.ietf.org/html/rfc6749#section-10.12 for more details. By requiring the state parameter is sent to the authorization endpoint when verifying auth codes, it acts as a built-in check that the client used it.
It looks like the
state
parameter is needed in POST requests to theauth
endpoint on IndieAuth.com. Is this actually really required in order for IndieAuth to be safe?The text was updated successfully, but these errors were encountered: