Security/Guidelines/OpenID Connect: Difference between revisions

Jump to navigation Jump to search

Security/Guidelines/OpenID Connect (view source)

Revision as of 02:05, 12 November 2016

No change in size ,  12 November 2016
→‎Other important security considerations
Line 153: Line 153:


This is a defense against [https://en.wikipedia.org/wiki/Cross-site_request_forgery CSRF] attacks as the attacker needs
This is a defense against [https://en.wikipedia.org/wiki/Cross-site_request_forgery CSRF] attacks as the attacker needs
to know the state code/contents (similar to the [https://en.wikipedia.org/wiki/Cross-site_request_forgery#Prevention
to know the state code/contents (similar to the [https://en.wikipedia.org/wiki/Cross-site_request_forgery#Prevention CSRF synchronizer token] used on websites)
CSRF synchronizer token] used on websites)


'''Refresh token''':
'''Refresh token''':
Gdestuynder
Confirmed users
502

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1154461"

Navigation menu