by florianletsch
3908 days ago
Are Facebook access tokens vulnerable to such an attack? If I remember correctly, at least Google tokens wouldn't be: The application receives a token from Google. With that token, a new session token is created. This session token expires and can only be renewed with the application token and the correct redirect URL. If Facebook uses a similar scheme, tokens would be useless without the running application renewing session tokens.