3035app / pialab-docker

GNU Lesser General Public License v3.0

Request for authentication: security problem #5

Closed GhostRock37 closed 6 years ago

GhostRock37 commented 6 years ago

Hello,

I noticed the request to authenticate a user on the front is not secure: the login and password are clear in a GET request!

The good security practice is to perform a POST request.

In addition, it would be good to plan the implementation of a certificate on the front and back to facilitate the encryption of exchanges (with Let's Encrypt and certbot, for example).

http://domain/back/oauth/v2/token?client_id=1_3c82d3qg6l2c0scgwkw48wc4coksw4os88ks48ow8oc08ccwoo&client_secret=50ti9qgf63wo0sc0004k40gos0wss04s0s8oc48ok4c0kg8w48&grant_type=password&username=USER@test.fr&password=PASSWORDinCLEAR!

[attached screenshot: pb_get_auth]
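As an added example (not code from the pialab project or from this issue's participants), the token request built the way the report asks for, with the credentials in a POST body instead of the URL, alongside a small helper for reviewing access logs, which record the request line and therefore any GET query string. The endpoint path and parameter names are the ones quoted above; the host, credentials and log lines are constructed placeholders.

```javascript
// Added example, not pialab code. Endpoint path and parameter names are the
// ones quoted in the issue; host, credentials and log lines are constructed.

const SENSITIVE_PARAMS = ['client_secret', 'password', 'access_token', 'refresh_token'];

// Returns a request descriptor (usable as fetch(url, options)) for the OAuth2
// password grant. Credentials travel in the form-encoded body; the URL itself
// carries no query string, so proxies and access logs never see them.
function buildTokenRequest(baseUrl, { clientId, clientSecret, username, password }) {
  const body = new URLSearchParams({
    grant_type: 'password',
    client_id: clientId,
    client_secret: clientSecret,
    username,
    password,
  });
  return {
    url: new URL('/back/oauth/v2/token', baseUrl).toString(),
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Returns the names of sensitive parameters present in a URL's query string.
// The base URL is only needed so that bare paths taken from a log line parse.
function leakedParams(urlString) {
  const { searchParams } = new URL(urlString, 'http://placeholder.invalid');
  return SENSITIVE_PARAMS.filter((name) => searchParams.has(name));
}

// Constructed access-log lines: one still using the GET form, one fixed.
const SAMPLE_LOG = [
  '10.0.0.5 - - "GET /back/oauth/v2/token?client_id=CLIENT_ID&client_secret=SECRET&grant_type=password&username=user@example.test&password=hunter2 HTTP/1.1" 200',
  '10.0.0.5 - - "POST /back/oauth/v2/token HTTP/1.1" 200',
];

// Pull the request path out of each log line and keep the ones that still
// carry credentials in the query string (the pattern this issue reports).
function findLeakyRequests(logLines) {
  return logLines
    .map((line) => (line.match(/"(?:GET|POST) (\S+) /) || [])[1])
    .filter((path) => path && leakedParams(path).length > 0);
}
```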

RomainSanchez commented 6 years ago

Fixed in https://github.com/pia-lab/pialab/commit/72cb8c2add0a5977e411125cf9f3a0a9a7160511