Search
Search

why id_token is passed via url with fragment identifier instead query string?

Tibin Published at Dev
16
Tibin

After the openid authentication, id_token (jwt) is passed to the client is through URI fragment instead of query string which makes impossible to read by the server. Whats the real motto behind this. Whats the benefits out of this

Hans Z.

The fragment is supposed to be stripped by the user agent (e.g. browser) before loading the URL so the fragment doesn't end up in server side logs.

One should be aware that recent changes in browser implementations make the assumption above questionable and it may be safer to rely on an Authorization Code flow.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

OAuth 2.0: why is the access token or temporary code placed in the in the URL fragment (after the #) instead of in the query string?

Attack via filename passed in url query?

Why am I getting a column header error, instead of using a passed string to filter, in this database query?

A good name for a URL path and query string and fragment?

Why `v=bf13ba33f40c` this extra query string is passed in the wordpress site url?

Use user id in bigquery SQL query that is passed into the function via an argument

Split base URL from query string and anchor fragment

Id passed on url via link can't be processed on create action

How to get the URL fragment identifier from HttpServletRequest

Parsing URL hash/fragment identifier with JavaScript

How to get the #fragment identifier part of an URL

How to match URL with fragment identifier in chrome extension?

Python - Get URL fragment identifier with Flask

Why Google use HTML Fragment identifier (#) in search?

Passing parameters via URL displays it as [object object] instead of string (typescript)

Why the token is displayed as 'end' type instead of STRING?

Why wget ignores query string in the url?

open specific url passed from activity to fragment

Use static JSON string in AJAX query instead of a URL

Url to accept string instead of Id with spaces

How can I remove unwated query parameters from url that are passed via Model?

Why aren't string literals passed as references to arrays instead of opaque pointers?

Query string not passed to another page

How to add apple map marker via query string in the url?

rails, query via url

Int passed into Intent but Android studio is saying that I passed a String instead

Facebook returning token as hash instead of part of the query string

AngularJS $resource passes id as query parameter instead in url

Parse webpage with Fragment identifier in URL, using HTML Agility Pack

TOP Ranking

  1. 1

    pump.io port in URL

  2. 2

    Loopback Error: connect ECONNREFUSED 127.0.0.1:3306 (MAMP)

  3. 3

    Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

  4. 4

    How to import an asset in swift using Bundle.main.path() in a react-native native module

  5. 5

    Failed to listen on localhost:8000 (reason: Cannot assign requested address)

  6. 6

    Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

  7. 7

    ngClass error (Can't bind ngClass since it isn't a known property of div) in Angular 11.0.3

  8. 8

    Using Response.Redirect with Friendly URLS in ASP.NET

  9. 9

    Can a 32-bit antivirus program protect you from 64-bit threats

  10. 10

    Double spacing in rmarkdown pdf

  11. 11

    How to fix "pickle_module.load(f, **pickle_load_args) _pickle.UnpicklingError: invalid load key, '<'" using YOLOv3?

  12. 12

    3D Touch Peek Swipe Like Mail

  13. 13

    Bootstrap 5 Static Modal Still Closes when I Click Outside

  14. 14

    Assembly definition can't resolve namespaces from external packages

  15. 15

    Vector input in shiny R and then use it

  16. 16

    Emulator wrong screen resolution in Android Studio 1.3

  17. 17

    Svchost high CPU from Microsoft.BingWeather app errors

  18. 18

    Graphics Context misaligned on first paint

  19. 19

    Python connect to firebird docker database

  20. 20

    Is this docker-for-mac password dialog legit?

  21. 21

    How to save models trained locally in Amazon SageMaker?

HotTag

Archive