Understanding OAuth 2.0: Token-Based Authorization
From Identity wiki
== Security Best Practices ==

To enhance security, consider these best practices:

* '''Use PKCE (Proof Key for Code Exchange)''': Prevents code interception attacks in mobile and SPA applications.
* '''Use Short-Lived Access Tokens''': Reduces the risk of token leakage by expiring them quickly.
* '''Store Tokens Securely''': Avoid storing access tokens in local storage or exposing them in URLs.
* '''Use HTTPS''': Always ensure secure communication between clients and servers.
* '''Implement Token Revocation''': Allow users to revoke access when needed by invalidating tokens.
* '''Prefer Authorization Code Flow with PKCE''': Ensure security in client-server communication, especially for mobile and web applications.
* '''Implement Scopes and Permissions''': Limit the access granted to applications by defining specific scopes for each request.
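The PKCE recommendation above is easiest to understand by looking at both halves of the exchange: the client generates a random <code>code_verifier</code> and sends only its SHA-256 <code>code_challenge</code> with the authorization request, and the authorization server later refuses to redeem the authorization code unless the presented verifier hashes back to the stored challenge. The following Python is an added illustration written for this page, not code from the wiki or from any particular OAuth library; it implements the S256 method from RFC 7636 and checks itself against the test vector in that RFC's Appendix B. The function names and the in-memory <code>pending_codes</code> store are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# RFC 7636 Appendix B test vector (real values from the RFC, used for self-check).
RFC7636_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC7636_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def b64url_nopad(data: bytes) -> str:
    """Base64url without '=' padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """Client side: high-entropy verifier. 32 random bytes encode to 43 chars,
    the minimum length RFC 7636 section 4.1 allows (43..128)."""
    return b64url_nopad(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    """Client side, S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_query(client_id: str, redirect_uri: str, scope: str,
                              state: str, verifier: str) -> str:
    """Client side: query string for the authorization request. Only the
    challenge travels in the (interceptable) front channel; the verifier
    stays with the client until the back-channel token request."""
    return urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,              # request only the scopes actually needed
        "state": state,
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    })


def verify_pkce(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """Authorization server side, at the token endpoint. Returns True only if
    the verifier the client presents reproduces the challenge recorded when
    the authorization code was issued. Constant-time compare avoids leaking
    how many characters matched."""
    if not (43 <= len(presented_verifier) <= 128):
        return False
    if stored_method == "S256":
        expected = make_code_challenge(presented_verifier)
    elif stored_method == "plain":      # allowed by the RFC, but S256 is preferred
        expected = presented_verifier
    else:
        return False
    return hmac.compare_digest(expected, stored_challenge)


def redeem_code(pending_codes: dict, code: str, presented_verifier: str) -> bool:
    """Assumed server-side store: code -> (challenge, method). The entry is
    consumed on first use so a replayed or intercepted code cannot be redeemed
    twice, whether or not the PKCE check passes."""
    entry = pending_codes.pop(code, None)
    if entry is None:
        return False
    challenge, method = entry
    return verify_pkce(challenge, method, presented_verifier)


def rfc7636_vector_ok() -> bool:
    """Self-check against the RFC's published S256 example."""
    return make_code_challenge(RFC7636_VERIFIER) == RFC7636_CHALLENGE


if __name__ == "__main__":
    v = make_code_verifier()
    print(build_authorization_query("app-123", "https://app.example/cb", "read", "xyz", v))
    store = {"authcode-1": (make_code_challenge(v), "S256")}
    print("legitimate client:", redeem_code(store, "authcode-1", v))
    print("intercepted code, no verifier:", redeem_code(store, "authcode-1", make_code_verifier()))
```

A client that never sends the verifier in the front channel gains nothing from interception of the authorization code alone, which is the property the first list item refers to; the server-side half is only effective if the server also rejects a token request for a code that was issued with a challenge but arrives without <code>code_verifier</code>.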