Security Considerations

04 Apr 2024


Good implementations use the state and nonce parameters to prevent attacks. For example, the state parameter ties the authorization request to the user's browser and so prevents a CSRF attack on the callback:

  1. User visits the OAuth application (signed out)

  2. Application sets a secure cookie with a state value (the cookie is set for the application's host)

  3. Application redirects to the Visma Connect IdP with the state parameter in the Authorize request

  4. User logs in with the Visma Connect IdP

  5. Visma Connect IdP redirects back to the application via the pre-registered OAuth redirect URI

  6. Application validates the OAuth state, comparing the cookie value to the state value from the Visma Connect IdP callback

  7. Application approves or rejects the OAuth callback
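Steps 2, 3, 6 and 7 of that flow as an added Python example (not Visma's own code): the authorize endpoint, client id and redirect URI are placeholders, and the nonce is only minted here; checking it against the ID token's nonce claim is a separate step.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders: the page names no endpoint, client id or redirect URI.
AUTHORIZE_ENDPOINT = "https://idp.example.test/connect/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.test/callback"


def begin_login():
    """Steps 2-3: mint an unguessable state, bind it to the browser in a
    cookie, and send the same value along in the Authorize request."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)  # to be checked against the ID token's nonce claim
    # Secure + HttpOnly + SameSite: the cookie lives only on the app's host,
    # so only the browser that started the flow can present it at the callback.
    set_cookie = (f"oauth_state={state}; Path=/callback; Max-Age=600; "
                  "Secure; HttpOnly; SameSite=Lax")
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": "openid",
                       "state": state, "nonce": nonce})
    return f"{AUTHORIZE_ENDPOINT}?{query}", set_cookie, nonce


def parse_cookies(cookie_header):
    """Minimal parser for a request's Cookie header (name=value; name=value)."""
    cookies = {}
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def validate_callback(callback_url, cookie_header):
    """Steps 6-7: accept the callback only if the state the IdP echoed back
    matches the state stored in this browser's cookie. Returns the
    authorization code on success, or None to reject the callback."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    cookie_state = parse_cookies(cookie_header).get("oauth_state", "")
    if not cookie_state or not returned_state:
        return None  # a callback with no bound state was not started by this browser
    if not hmac.compare_digest(cookie_state, returned_state):
        return None  # state mismatch: forged or replayed callback
    return params.get("code", [None])[0]
```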
