•  06-07-2023
  •  | 
  •  

質問

What is arbitrary data ? I found it here https://www.dropbox.com/developers/core/docs#oa2-authorize

 state Up to 200 bytes of arbitrary data that will be passed back to your redirect 
 URI. This parameter should be used to protect against cross-site request forgery 
(CSRF). See Sections 4.4.1.8 and 4.4.2.5 of the OAuth 2.0 threat model spec.

So what types of value I send for state ? I am using nodejs .

役に立ちましたか?

解決

"Arbitrary data" means anything. A string, a number, binary data, whatever.

Since it's to be used as a CSRF token, it needs to be an unpredictable value that's associated with the user's session. Here are some guidelines on CSRF tokens.

ライセンス: CC-BY-SA帰属
所属していません StackOverflow
scroll top