How Okta provides Security for Query pramerters for /authorize and /token

How Okta provides security when we call /authorize and /token endpoint as query parameters with client_id and client_sceret and grant_type etccc…

It will be visible if we pass all there (client_id, client_secret etc) in parameters and chances of loosing security.

Can any one explain how Okta provides security for these endpoints?

Hi @Gayithri

We do not recommend passing the confidential details such as client secret as query parameters, but as POST attributes, as the hostname and request path can be logged.

You can find here the current supported flows, along with examples on how to send them securely.

Hi Drago’s,

Thanks for your explanation.

Yes I saw /authorize and /token for these end points sending as query parameters in the Authorization I code flow https://developer.okta.com/authentication-guide/implementing-authentication/auth-code/#_1-setting-up-your-application.
So I got doubt.