This repository has been archived by the owner on Aug 28, 2023. It is now read-only.

Remove default query support for access_tokens in bearerstrategy #195

Closed
brentschmaltz opened this issue Sep 8, 2016 · 0 comments

Comments

@brentschmaltz
Member

https://tools.ietf.org/html/rfc6750#section-5.3 calls out not to use query unless absolutely necessary. Query parameters are commonly logged and maintained in browser history.
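The following is an added illustration for this issue, not code from passport-azure-ad or from the commenter. It models the two behaviours the issue contrasts: a permissive extractor that falls back to `?access_token=` in the query string, and a strict one that takes bearer tokens from the `Authorization` header only, answering as RFC 6750 §3.1 prescribes (400 `invalid_request` when a request mixes two token-passing methods, a bare 401 challenge when the only method used is one the server does not support). `accessLogLine` shows the concrete hazard the comment names: a Common Log Format line records the request target, so a query-string token lands in the web server log while a header token does not. The `req` shape, the realm name, the helper names and the sample requests are all assumptions made for the example; the token value is the one used in RFC 6750 §2.1.

```javascript
// Added example for issue #195 (not passport-azure-ad code).
// `req` is a plain object {method, url, headers, query} standing in for an
// Express-style request; headers are assumed already lower-cased as Express does.

// RFC 6750 §2.1: credentials = "Bearer" 1*SP b64token,
// b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"=".
// The scheme name is matched case-insensitively (HTTP auth schemes are, per RFC 7235).
const BEARER_HEADER = /^Bearer +([A-Za-z0-9\-._~+/]+=*)$/i;

function tokenFromHeader(req) {
  const value = req.headers && req.headers.authorization;
  if (!value) return null;
  const m = BEARER_HEADER.exec(value);
  return m ? m[1] : null;
}

// Pre-#195 style behaviour (illustrative): header first, then fall back to the
// query parameter. This is the path the issue asks to remove.
function permissiveExtract(req) {
  const fromHeader = tokenFromHeader(req);
  if (fromHeader) return { status: 200, token: fromHeader };
  const fromQuery = req.query && req.query.access_token;
  return fromQuery ? { status: 200, token: fromQuery } : { status: 401, token: null };
}

// Post-#195 behaviour: Authorization header only.
function strictExtract(req, realm = 'api') {
  const fromHeader = tokenFromHeader(req);
  const inQuery = Boolean(req.query && req.query.access_token);
  if (fromHeader && inQuery) {
    // RFC 6750 §2: clients MUST NOT use more than one method per request;
    // §3.1: that is an invalid_request, HTTP 400.
    return {
      status: 400,
      token: null,
      challenge: `Bearer realm="${realm}", error="invalid_request", ` +
        'error_description="Multiple methods used to include an access token"',
    };
  }
  if (fromHeader) return { status: 200, token: fromHeader };
  // Query-only (or no token at all) is treated as "no authentication information";
  // §3.1 says the challenge SHOULD NOT carry an error code in that case.
  return { status: 401, token: null, challenge: `Bearer realm="${realm}"` };
}

// Why §5.3 matters: a typical access log records the full request target, so a
// token carried in the query string is written to disk on every hit. The date and
// byte count are constructed placeholders.
function accessLogLine(req) {
  return `127.0.0.1 - - [08/Sep/2016:10:00:00 +0000] "${req.method} ${req.url} HTTP/1.1" 200 512`;
}

// Constructed sample requests; the token value is the RFC 6750 §2.1 example token.
const TOKEN = 'mF_9.B5f-4.1JqM';
const headerReq = {
  method: 'GET', url: '/api/me',
  headers: { authorization: `Bearer ${TOKEN}` }, query: {},
};
const queryReq = {
  method: 'GET', url: `/api/me?access_token=${TOKEN}`,
  headers: {}, query: { access_token: TOKEN },
};
const bothReq = {
  method: 'GET', url: `/api/me?access_token=${TOKEN}`,
  headers: { authorization: `Bearer ${TOKEN}` }, query: { access_token: TOKEN },
};

// Stand-alone demonstration: the query-string token shows up verbatim in the log line,
// the permissive extractor accepts it, the strict one does not.
console.log(accessLogLine(queryReq));
console.log('permissive:', permissiveExtract(queryReq));
console.log('strict:    ', strictExtract(queryReq));
console.log('mixed:     ', strictExtract(bothReq));
```

Refusing the query form at the resource server is only half of the fix: clients that were relying on it will start receiving 401 challenges, so the change is breaking (as the referencing commits note) and callers need to move the token into the `Authorization` header rather than into the request body or URL.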

@lovemaths lovemaths added this to the 3.0.0 milestone Sep 9, 2016
@lovemaths lovemaths self-assigned this Sep 9, 2016
@lovemaths lovemaths added the P1 label Sep 9, 2016
lovemaths added a commit that referenced this issue Oct 1, 2016
(2) on common endpoint, user can set validateIssuer true if they provide issuer
(3) breaking changes:
    1. add isB2C option for using B2C
    2. no longer support user provided certificate, we only allow the certificate created from AAD metadata
    3. removed tenantName option for B2C. Instead of using common endpoint then replacing the 'common' with tenantName, we now ask user to directly provide the identityMetadata with tenantName.
lovemaths added a commit that referenced this issue Oct 1, 2016
(1) Issue #195 disallow bearer token in query
(2) on common endpoint, user can set validateIssuer true if they provide issuer
(3) breaking changes:
    1. add isB2C option for using B2C
    2. no longer support user provided certificate, we only allow the certificate created from AAD metadata
    3. removed tenantName option for B2C. Instead of using common endpoint then replacing the 'common' with tenantName, we now ask user to directly provide the identityMetadata with tenantName.
@lovemaths lovemaths added the done label Oct 1, 2016

2 participants