- OAuth 2.0 Cookbook
- Adolfo Eloy Nascimento
- 2021-07-08 09:35:02
There's more...
As an exercise, you might try the Facebook SDK, which hides what we did by hand behind the SDK's API and should be simpler to use. Whether you use the SDK or not, one important thing that should be added to our code is the state parameter, which protects against Cross-Site Request Forgery (CSRF) attacks.
A CSRF attack allows a malicious user to execute operations in the name of another user (the victim). In web applications, a valid approach to avoid CSRF is for the client to send the server a random string, keep a copy of it, and compare that copy with the value it receives back in the server's response: the first value and the second (received) value must be the same, otherwise the response is rejected.
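The state check described above, written as an added example that is not the book's code; it uses Python rather than the book's Java so the protocol logic stands on its own, and the authorization endpoint URL and the in-memory session dict are assumptions:

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholder; a real client uses the provider's documented authorization URL.
AUTHORIZE_ENDPOINT = "https://authorization-server.example/authorize"


def begin_authorization(session, client_id, redirect_uri, scope):
    """Generate an unguessable state, bind it to the user's server-side session
    and build the authorization request URL that carries it."""
    state = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG, URL-safe alphabet
    session["oauth_state"] = state         # kept server-side, so only this user's browser can match it
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Validate the state echoed back on the redirect before using the code.
    Returns the authorization code, or raises ValueError when the state is
    missing, already consumed, or does not match the session's copy."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)   # one-time use: a replayed callback fails
    received = query.get("state", [None])[0]
    if expected is None or received is None:
        raise ValueError("missing state: discarding authorization code")
    # Constant-time comparison of the stored and received values.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: discarding authorization code")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    return query["code"][0]
```

A callback that arrives without the state this session issued (or after it was consumed) is rejected before the code is exchanged, which is what blocks the CSRF scenario.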
On the security side, another valuable suggestion is to send the access_token to the server side so that you don't have to request a new access token on every page of your application (but take care with its expiration time).
All the recipes that follow in this chapter will use the Spring Social project. For more information about the project, you can read the official documentation at https://projects.spring.io/spring-social/.