Ask A Question

Notifications

You’re not receiving notifications from this thread.

How do I generate and store the state parameter for OAuth?

Yi Mei Wang asked in General
https://authorization-server.com/oauth/authorize
?client_id=a17c21ed
&response_type=code
&state=5ca75bd30
&redirect_uri=https%3A%2F%2Fexample-app.com%2Fauth
&scope=photos

The above is a standard format for OAuth authorization URL, and how do I generate and store the state parameter? I understand that you can encode information inside for redirect purposes and it's also for CSRF prevention, but does this mean I need to have a column in my database to store the state? Do I need to invalidate it after 30 mins to keep it "unguessable"? It seems very overkill, and I am utterly confused as to what's a good way to do this.

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 85,376+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.