property InternalCodeChallenge: boolean;
Description
Enables or disables additional OAuth2 protocol protection against attacks and server response spoofing. During authorization, the component creates SecurityToken and CodeChallenge parameters with random values and adds them to the AuthorizationUrl property. In response, the OAuth2 service adds the SecurityToken to the TokenCallbackUrl parameters; the component compares the two tokens and aborts execution if they don't match.
The default value of the property is True. You can disable CodeChallenge if the OAuth2 server does not support CodeChallenge, or has its own implementation – in this case you will have to add the required parameters to the AuthorizationParams collection yourself.
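The mechanism described above, shown at protocol level as an added example (not the component's own code). It assumes SecurityToken corresponds to the standard OAuth2 `state` parameter and CodeChallenge to the RFC 7636 PKCE `code_challenge` with the S256 method, which this page does not state; the endpoint, client id and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def new_authorization_request(auth_endpoint, client_id, redirect_uri):
    """Return (url, state, verifier); state and verifier stay on the client."""
    state = b64url(secrets.token_bytes(32))     # assumed equivalent of SecurityToken
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, within RFC 7636's 43..128
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{auth_endpoint}?{urlencode(params)}", state, verifier


def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code; abort if the echoed token differs."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch, authorization aborted")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


if __name__ == "__main__":
    # Constructed sample values; auth.example.com is a placeholder endpoint.
    url, state, verifier = new_authorization_request(
        "https://auth.example.com/authorize", "demo-client", "http://localhost:8080/cb")
    print(url)
    print(code_from_callback(f"http://localhost:8080/cb?code=abc123&state={state}", state))
```

The `verifier` is sent later with the token request as `code_verifier`, so the server can check it against the challenge it received in the authorization URL.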
See also