"Arbitrary data" means anything. A string, a number, binary data, whatever.
Since it's to be used as a CSRF token, it needs to be an unpredictable value that's associated with the user's session. Here are some guidelines on CSRF tokens.
Frage
What is arbitrary data ? I found it here https://www.dropbox.com/developers/core/docs#oa2-authorize
state Up to 200 bytes of arbitrary data that will be passed back to your redirect
URI. This parameter should be used to protect against cross-site request forgery
(CSRF). See Sections 4.4.1.8 and 4.4.2.5 of the OAuth 2.0 threat model spec.
So what types of value I send for state
? I am using nodejs .
Lösung
"Arbitrary data" means anything. A string, a number, binary data, whatever.
Since it's to be used as a CSRF token, it needs to be an unpredictable value that's associated with the user's session. Here are some guidelines on CSRF tokens.