What helpful tips or resources can be found to help me protect one-click authentication?
In fact, the situation is a third-party system that accepts HTTPS requests through a browser, where you provide authentication information (un, pw, authkey, etc.). Then, after authentication of the provided credentials, the service allows or denies login. The fact is that if someone clicks on a link, they are automatically granted access to this third-party system.
Currently, there are not a number of safety aspects associated with the whole process (which is not a big problem, because the product is not yet ready for work), and a third party is ready to make some changes to protect this a bit.
I have already determined that I need to hash the information and maybe even send it via POST so that it does not display information in the browser history. But I would like to talk a little about how you all would deal with something like that.
[Edit: Requests continue and are sent via HTTPS. I also modified HTTP previously used for HTTPS]
Wes
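One way to keep the username and password out of the link entirely, as an added example that is not part of the original post: the linking site issues a short-lived, single-use token authenticated with HMAC-SHA256, and the third-party system verifies it. This goes beyond the plain hashing mentioned in the question; the shared key, the function names, the 60-second lifetime and the in-memory replay store are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time
from typing import Optional

SECRET = secrets.token_bytes(32)  # assumption: key shared by the linking site and the third party
_used_nonces = set()              # assumption: in-memory replay store; a real service needs shared storage

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def issue_token(user: str, ttl: int = 60, now: Optional[float] = None) -> str:
    """Build the value placed in the one-click link (or POST body) instead of un/pw."""
    now = time.time() if now is None else now
    claims = {"u": user, "exp": int(now) + ttl, "n": secrets.token_hex(16)}
    payload = json.dumps(claims).encode()
    return _b64(payload) + "." + _b64(_tag(payload))

def redeem_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user name if the token is authentic, unexpired and unused, else None."""
    now = time.time() if now is None else now
    try:
        p64, t64 = token.split(".")
        payload, tag = _unb64(p64), _unb64(t64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    # Constant-time comparison; the payload is parsed only after the tag checks out.
    if not hmac.compare_digest(tag, _tag(payload)):
        return None
    claims = json.loads(payload)
    if now >= claims["exp"] or claims["n"] in _used_nonces:
        return None
    _used_nonces.add(claims["n"])  # single use: a replayed link is rejected
    return claims["u"]

if __name__ == "__main__":
    link_token = issue_token("wes")
    print("first click :", redeem_token(link_token))
    print("second click:", redeem_token(link_token))
```

The token can travel in a POST body as the question suggests; either way a copy left in browser history or logs contains no password and stops working after one use or after expiry.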