OAuth 2 protocol update, security concerns

49 views
Skip to first unread message

Sébastien Grosjean - ZenCocoon

unread,
Jul 17, 2012, 4:18:53 AM7/17/12
to roomor...@googlegroups.com
Hi,

They have been some security concerns with the OAuth 2 protocol a few days ago, the updated section can be found at : http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-10.12
To make it short, it's now better to always pass the 'state' parameter.

As using Ruby this ticket might be of interest: https://github.com/intridea/omniauth-oauth2/issues/20

I've already prepared the updated omniauth-roomorama client ( https://github.com/BookingSync/omniauth-roomorama/tree/0.1.1 ) but the server side need to be updated before this update can be published and security issue prevented.

Let me know if I can be of any assistance with this upgrade.
Thanks,
- Sébastien Grosjean - ZenCocoon
Reply all
Reply to author
Forward
0 new messages