Open robotdan opened 4 years ago
@robotdan Yes, we do send one in:
We pass in a csrf token in state
and verify that the value is returned in the state
param in the query string at the callback URL handler.
Thanks @julianlam !
Just a tad late on the reply 🙂
If NodeBB supports a CSRF token, we can grab it or generate a new one and pass it along in the state parameter.