FusionAuth / nodebb-plugin-fusionauth-oidc

NodeBB Plugin that allows users to login/register via any configured OAuth provider.
https://fusionauth.io
BSD 2-Clause "Simplified" License

Add a CSRF token to the state parameter #5

Open robotdan opened 4 years ago

robotdan commented 4 years ago

If NodeBB supports a CSRF token, we can grab it or generate a new one and pass it along in the state parameter.

julianlam commented 2 years ago

@robotdan Yes, we do send one in:

https://github.com/NodeBB/NodeBB/blob/fb363957d1ff8ac63c0a50aaeeb2dd86975876bc/src/routes/authentication.js#L96-L99

We pass in a CSRF token in state and verify that the value is returned in the state param in the query string at the callback URL handler.
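The round trip described in the comment above, sketched as an added example; it is not code from NodeBB or from this plugin. The function names, the `oauthState` session field, the URLs and the client id are all hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical helper: start a login by minting a one-time CSRF token, storing
// it in the user's server-side session, and sending the same value as `state`.
function beginLogin(session, authorizeUrl, clientId, redirectUri) {
  session.oauthState = nodeCrypto.randomBytes(32).toString('hex');
  const url = new URL(authorizeUrl);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('state', session.oauthState);
  return url.toString();
}

// Hypothetical callback check: accept the response only if the `state` in the
// callback query string equals the token stored in this session.
function verifyCallback(session, callbackUrl) {
  const expected = session.oauthState;
  delete session.oauthState; // single use: a replayed callback must fail
  const returned = new URL(callbackUrl).searchParams.get('state');
  if (typeof expected !== 'string' || typeof returned !== 'string') return false;
  const a = Buffer.from(expected, 'utf8');
  const b = Buffer.from(returned, 'utf8');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Constructed walk-through: three separate sessions, four callback outcomes.
function demo() {
  const cb = 'https://forum.example/auth/callback?code=constructed-code';
  const start = (s) => new URL(beginLogin(s, 'https://idp.example/oauth2/authorize',
    'client-id-placeholder', 'https://forum.example/auth/callback')).searchParams.get('state');
  const s1 = {}; const st1 = start(s1);
  const s2 = {}; start(s2);
  const s3 = {}; start(s3);
  return {
    genuine: verifyCallback(s1, `${cb}&state=${st1}`),      // state matches session
    replayed: verifyCallback(s1, `${cb}&state=${st1}`),     // token already consumed
    foreignState: verifyCallback(s2, `${cb}&state=${st1}`), // state from another session
    missingState: verifyCallback(s3, cb),                   // no state parameter at all
  };
}
```

Only the callback whose `state` matches the value held in the same session is accepted; a response carrying a state minted for a different session, a replayed one, or one with no state is rejected before the authorization code is used.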

robotdan commented 2 years ago

Thanks @julianlam!

julianlam commented 2 years ago

Just a tad late on the reply 🙂