Open kylewm opened 9 years ago
We need to protect against malicious redirects by adding a verifiable signature to the state parameter (in addition to the app-supplied next_url). TODO understand this better.
http://tools.ietf.org/html/rfc6749#section-10.12
http://www.twobotechnologies.com/blog/2014/02/importance-of-state-in-oauth2.html
fixed in c8494277a8cf59300adbb1ebc39955b80b88fd88
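One way to build the signed state value this issue asks for, as an added example that is not the project's code and not the contents of the commit referenced above. The names `SECRET_KEY`, `MAX_AGE`, `make_state` and `check_state`, the payload layout and the session identifier are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
MAX_AGE = 600                         # assumption: seconds a state value stays valid

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(body):
    # HMAC-SHA256 over the encoded payload; only the server can produce it.
    return b64e(hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest())

def make_state(session_id, next_url, now=None):
    """Pack next_url plus a session binding into a signed state value."""
    issued = int(time.time() if now is None else now)
    payload = {"sid": session_id, "next": next_url, "iat": issued}
    body = b64e(json.dumps(payload, sort_keys=True).encode())
    return body + "." + mac(body)

def check_state(state, session_id, now=None):
    """Return next_url if state is authentic, fresh and bound to this session, else None."""
    try:
        body, sig = state.split(".")
        # Verify the signature before parsing anything the client controls.
        if not hmac.compare_digest(mac(body).encode(), sig.encode()):
            return None
        payload = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None
    now = int(time.time() if now is None else now)
    if not hmac.compare_digest(str(payload["sid"]).encode(), session_id.encode()):
        return None  # state was issued to a different browser session
    if not 0 <= now - payload["iat"] <= MAX_AGE:
        return None  # replayed or stale
    return payload["next"]

if __name__ == "__main__":
    state = make_state("sess-A", "/dashboard")  # constructed sample values
    print(check_state(state, "sess-A"))
    print(check_state(state, "sess-B"))
```

The callback handler should redirect only to the value `check_state` returns and treat `None` as a failed authorization.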