Y
Hacker News
new
|
ask
|
show
|
jobs
by
rtpg
1156 days ago
This is me misusing the word "token". Access tokens are gotten via POST, but the one-time code is gotten via GET and, absent usage of things like the state parameter, can easily lead to malicious attacks.