In the OAuth2 authorization grant flow, the client application passes a state parameter to the authorize endpoint. When the state parameter is visible in the browser url, how does state parameter prevent CSRF attacks.
Asked
Active
Viewed 76 times
2
zilcuanu
- 3,451
- 8
- 52
- 105