Security issue when include token in url #4

Open
kidphys opened this issue Aug 18, 2015 · 2 comments

kidphys commented Aug 18, 2015

Correct me if I'm wrong, but is it insecure to include the token in the redirection URL? Any host standing in between may intercept and extract the token at will.

@rubyconvict

HTTPS is required. DNS, browser history, and proxies can be problematic, so I guess the use case here is the same as in OAuth 2.0 - the provider must issue a short-lived token (requiring a refresh).
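
An added example, not part of the thread or of the gem's code: a receiving-side check that enforces the short token lifetime suggested above. It assumes an HS256 token arriving in a `jwt` query parameter; the helper names, the 60-second limit and the sample secret are hypothetical.

```ruby
require "openssl"
require "json"
require "uri"

MAX_LIFETIME = 60 # assumed policy: seconds allowed between iat and exp for a URL-borne token

def b64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(segment)
  padded = segment + "=" * ((4 - segment.length % 4) % 4)
  padded.tr("-_", "+/").unpack1("m0") # raises ArgumentError on invalid input
end

# Stand-in for the identity provider, used only to build constructed sample tokens.
def sign_hs256(claims, secret)
  header = { "alg" => "HS256", "typ" => "JWT" }
  input = [header, claims].map { |part| b64url_encode(JSON.generate(part)) }.join(".")
  "#{input}.#{b64url_encode(OpenSSL::HMAC.digest("SHA256", secret, input))}"
end

# Byte comparison without an early exit, so timing does not reveal where a mismatch occurs.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [:ok, claims] or [:rejected, reason]. The "jwt" parameter name is an assumption.
def verify_callback_token(callback_url, secret, now: Time.now.to_i)
  uri = URI.parse(callback_url)
  return [:rejected, "callback not over HTTPS"] unless uri.scheme == "https"
  token = URI.decode_www_form(uri.query.to_s).to_h["jwt"]
  header_b64, payload_b64, sig_b64 = token.to_s.split(".", 3)
  return [:rejected, "malformed token"] unless sig_b64
  # Pin the algorithm instead of trusting whatever the header asks for.
  alg = Hash(JSON.parse(b64url_decode(header_b64)))["alg"]
  return [:rejected, "unexpected alg"] unless alg == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header_b64}.#{payload_b64}")
  return [:rejected, "bad signature"] unless secure_equal?(b64url_decode(sig_b64), expected)
  iat, exp = Hash(JSON.parse(b64url_decode(payload_b64))).values_at("iat", "exp")
  return [:rejected, "iat and exp required"] unless iat.is_a?(Integer) && exp.is_a?(Integer)
  return [:rejected, "expired"] if now >= exp
  return [:rejected, "issued in the future"] if iat > now
  # A token recovered from browser history or a proxy log is only usable inside this window.
  return [:rejected, "lifetime too long"] if exp - iat > MAX_LIFETIME
  [:ok, { "iat" => iat, "exp" => exp }]
rescue ArgumentError, TypeError, JSON::ParserError, URI::InvalidURIError
  [:rejected, "malformed token"]
end
```

Behind a TLS-terminating proxy the application may see an `http` URL, so the scheme check would have to use whatever signal the deployment provides for the original request scheme.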

pboling referenced this issue in pboling/omniauth-jwt2 Nov 30, 2023

pboling commented Mar 7, 2024

FYI: I rewrote this gem and modernized it!

https://github.com/pboling/omniauth-jwt2
