Groups
Groups
Sign in
Groups
Groups
Roomorama API
Conversations
About
Send feedback
Help
OAuth 2 protocol update, security concerns
49 views
Skip to first unread message
Sébastien Grosjean - ZenCocoon
unread,
Jul 17, 2012, 4:18:53 AM
7/17/12
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to roomor...@googlegroups.com
Hi,
They have been some security concerns with the OAuth 2 protocol a few days ago, the updated section can be found at :
http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-10.12
To make it short, it's now better to always pass the 'state' parameter.
As using Ruby this ticket might be of interest:
https://github.com/intridea/omniauth-oauth2/issues/20
I've already prepared the updated omniauth-roomorama client (
https://github.com/BookingSync/omniauth-roomorama/tree/0.1.1
) but the server side need to be updated before this update can be published and security issue prevented.
Let me know if I can be of any assistance with this upgrade.
Thanks,
- Sébastien Grosjean - ZenCocoon
Reply all
Reply to author
Forward
0 new messages