- OAuth 2.0 Cookbook
- Adolfo Eloy Nascimento
- 2021-07-08 09:35:02
There's more...
As an exercise, you might try the Facebook SDK, which should be simpler to use because it abstracts what we did here behind the SDK's API. Whether or not you use the SDK, one important addition to our code is the state parameter, which helps prevent Cross-Site Request Forgery (CSRF) attacks.
A CSRF attack allows a malicious user to execute operations in the name of another user (a victim). In web applications, a valid approach to avoid CSRF is for the client to send the server a variable containing a random string, which the server returns in its response; the client then checks that the value it received is the same as the value it originally sent.
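The state check described above, as an added example (not code from the book): the client generates a random state, sends it with the authorization request, and rejects any redirect whose state does not match. The function names, the `oauth_state` key, the `response_type=token` fragment response and the in-memory storage stand-in are assumptions made for illustration.

```javascript
// Added example: `state` handling for a client-side OAuth 2.0 redirect flow.
// Web Crypto is global in browsers and recent Node.js; the fallback covers older Node.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const STATE_KEY = 'oauth_state'; // hypothetical storage key

// Create an unguessable value and remember it for this browser session.
function newState(storage) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  storage.setItem(STATE_KEY, state);
  return state;
}

// Build the authorization request with the state attached.
function buildAuthorizationUrl(endpoint, clientId, redirectUri, storage) {
  const url = new URL(endpoint);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('response_type', 'token'); // assumption: fragment response
  url.searchParams.set('state', newState(storage));
  return url.toString();
}

// Accept the response only if the returned state equals the stored one.
function handleRedirect(callbackUrl, storage) {
  const expected = storage.getItem(STATE_KEY);
  storage.removeItem(STATE_KEY); // single use: a replayed response is rejected
  const params = new URLSearchParams(new URL(callbackUrl).hash.replace(/^#/, ''));
  const received = params.get('state');
  if (!expected || !received || received !== expected) {
    throw new Error('state mismatch: discarding authorization response');
  }
  return params.get('access_token');
}

// Stand-in for window.sessionStorage so the example runs outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    removeItem: (k) => { items.delete(k); },
  };
}
```

In a browser, pass `window.sessionStorage` as the `storage` argument.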
Regarding security, one other valuable suggestion is to send the access_token to the server side so that you don't have to request a new access token on every web page of your application (but take care with the expiration time).
All the recipes that follow in this chapter use the Spring Social project. For more information about the project, you can read the official documentation at https://projects.spring.io/spring-social/.