How Okta provides Security for Query parameters for /authorize and /token

How does Okta provide security when we call the /authorize and /token endpoints with client_id, client_secret, grant_type, etc. as query parameters?

They will be visible if we pass all of these (client_id, client_secret, etc.) as parameters, and there is a chance of losing security.

Can anyone explain how Okta provides security for these endpoints?

Hi @Gayithri

We do not recommend passing the confidential details such as client secret as query parameters, but as POST attributes, as the hostname and request path can be logged.

You can find here the current supported flows, along with examples on how to send them securely.
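
Added example, not part of the original reply and not Okta's own code: it builds an authorization-code token request with the client secret in the form-encoded POST body, and audits access-log lines for secrets that ended up in the request path. The host `idp.example.com`, the `SENSITIVE` name list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qsl
from urllib.request import Request

# Assumed placeholder issuer; substitute your own org's token endpoint.
TOKEN_URL = "https://idp.example.com/oauth2/default/v1/token"
# Assumed list of parameter names that must never appear in a URL.
SENSITIVE = {"client_secret", "password", "refresh_token"}
REQUEST_LINE = re.compile(r'"[A-Z]+ (\S+) HTTP/')

def build_token_request(client_id, client_secret, code, redirect_uri):
    """Build (not send) a token request whose credentials travel only in
    the POST body, so the logged request path carries none of them."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=body, headers=headers, method="POST")

def leaked_params(url):
    """Return the sensitive parameter names found in a URL's query string."""
    names = {key for key, _ in parse_qsl(urlsplit(url).query)}
    return sorted(names & SENSITIVE)

def audit_access_log(lines):
    """Return (line_number, leaked_names) for log lines whose request
    path exposes a sensitive parameter."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        leaked = leaked_params(match.group(1)) if match else []
        if leaked:
            findings.append((number, leaked))
    return findings

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] '
    '"POST /oauth2/default/v1/token HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] '
    '"POST /oauth2/default/v1/token?grant_type=client_credentials'
    '&client_id=abc&client_secret=CONSTRUCTED HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(audit_access_log(SAMPLE_LOG))
```
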

Hi Drago’s,

Thanks for your explanation.

Yes, I saw /authorize and /token for these endpoints being sent as query parameters in the Authorization Code flow https://developer.okta.com/authentication-guide/implementing-authentication/auth-code/#_1-setting-up-your-application.
So I had a doubt.
