Become a Partner

Discussions

Ask a Question
Back to All

Client secrets in query params? Are you serious?

about 1 year ago by J. Hoffmann

The /auth POST endpoint requires client secrets to be passed as query params, so that my secrets are kept in request logs all over the world? Are you serious?

Please change the /auth endpoint to only accept secrets as post parameters.