- OAuth 2.0 Cookbook
- Adolfo Eloy Nascimento
- 2021-07-08 09:35:02
There's more...
As an exercise, you might try the Facebook SDK, which should make things simpler by hiding the steps we did by hand behind the SDK's API. Whether you use the SDK or not, one important thing that should be added to our code is the state parameter, which protects against Cross Site Request Forgery (CSRF) attacks.
A CSRF attack allows a malicious user to execute operations in the name of another user (the victim). For web applications, a valid approach to avoid CSRF is for the client to generate a random string, send it to the authorization server as the state parameter, and remember it; when the server redirects back with its response, the client checks that the state it receives is the same as the one it sent. If the two values differ, the response must be rejected.
Regarding security, one other valuable suggestion is to keep the access_token on the server side, so that you don't have to request a new access token on every web page of your application (but take care with the expiration time).
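The state check described above, written out as an added example; this is not the book's code, and the provider endpoint, client ID and redirect URI are placeholder values. It generates a random state with the OS CSPRNG, stores it in the user's session, builds the authorization URL that carries it, and on the callback consumes the stored value and compares it in constant time before accepting the authorization code. A forged callback carrying an attacker's code and a non-matching state is rejected, and a state can only be used once.

```python
"""Authorization-code flow client side with a CSRF-protecting `state` parameter."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical provider endpoint and client registration (placeholders, not real values).
AUTHORIZE_URL = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/callback"


def begin_login(session: dict) -> str:
    """Create a fresh random state, remember it in this user's session,
    and build the authorization request URL that carries it."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, URL-safe alphabet
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "email",
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Validate the state echoed back by the provider before trusting the code.
    Returns the authorization code, or raises ValueError on any mismatch."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [None])[0]
    # Single use: remove the stored state whether or not the check passes,
    # so a captured callback URL cannot be replayed against this session.
    expected_state = session.pop("oauth_state", None)
    if expected_state is None or returned_state is None:
        raise ValueError("missing state: no login in progress or provider dropped it")
    if not hmac.compare_digest(expected_state, returned_state):
        raise ValueError("state mismatch: possible CSRF, discarding authorization code")
    code = query.get("code", [None])[0]
    if code is None:
        raise ValueError("callback carried no authorization code")
    return code


def demo() -> dict:
    """Simulate one legitimate round trip and one forged callback (constructed inputs)."""
    victim_session = {}
    auth_url = begin_login(victim_session)
    state = parse_qs(urlparse(auth_url).query)["state"][0]

    # Legitimate callback: the provider echoes our own state back with the code.
    good_code = handle_callback(dict(victim_session), f"{REDIRECT_URI}?code=good-code&state={state}")

    # Forged callback: a link crafted by someone else, visited by the victim; the state
    # does not match what the victim's session stored, so the code is discarded.
    try:
        handle_callback(dict(victim_session), f"{REDIRECT_URI}?code=attacker-code&state=forged")
        forged_rejected = False
    except ValueError:
        forged_rejected = True

    return {"code": good_code, "forged_rejected": forged_rejected}


if __name__ == "__main__":
    print(demo())
```

The comparison uses `hmac.compare_digest` rather than `==` so that the check runs in constant time, and the stored state is popped from the session before it is compared, which makes each state single use. The session must be the same one that started the login (a server-side session keyed by a cookie, for example); if the state were kept anywhere the attacker could also supply, the check would prove nothing.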
All the recipes that follow in this chapter will be using Spring Social project. For more information about the project, you can read the official documents at https://projects.spring.io/spring-social/.