For example, in the Google OAuth callback URL, to convert 'code' into an access_token, I need:
Client-side href:
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&redirect_uri=https://my_url&response_type=code&client_id=xxxxx
Server-side PHP:
require('google-api-php-client-2.2.2_PHP54/vendor/autoload.php');
$client = new \Google_Client(Constant::PARAMS);
$client->setAccessType('offline');
$client->setRedirectUri('https://my_url');
$accessToken = $client->fetchAccessTokenWithAuthCode($_GET['code']);
That link is hardcoded on both the client side and the server side. When it changes, I think I might forget to change both sides, so I want the link to be supplied by the client side using the "state" parameter:
Client-side href:
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&redirect_uri=https://my_url&response_type=code&client_id=xxxxx&state=https://my_url
Server-side PHP:
require('google-api-php-client-2.2.2_PHP54/vendor/autoload.php');
$client = new \Google_Client(Constant::PARAMS);
$client->setAccessType('offline');
$client->setRedirectUri($_GET['state']);
$accessToken = $client->fetchAccessTokenWithAuthCode($_GET['code']);
My question is: does this increase the security risk?
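
An added example (not the poster's code) of how a callback can still read the redirect URI from `state` without trusting the request: `state` carries a per-session nonce, which is the CSRF role OAuth 2.0 gives that parameter, and the URI it names is accepted only on an exact match with a server-side list. `ALLOWED_REDIRECT_URIS`, `makeState()` and `checkState()` are hypothetical names, `https://my_url` is the placeholder from the post, and PHP 7.1+ is assumed.

```php
<?php
// Added example, not the poster's code. ALLOWED_REDIRECT_URIS, makeState()
// and checkState() are hypothetical names; PHP 7.1+ is assumed.
const ALLOWED_REDIRECT_URIS = ['https://my_url'];   // placeholder from the post

// Build the state value when rendering the login link: a per-session nonce
// plus the redirect URI the client wants to use. URL-encode the result
// (e.g. with http_build_query) before placing it in the href.
function makeState(array &$session, string $redirectUri): string
{
    $session['oauth_nonce'] = bin2hex(random_bytes(16));
    $json = json_encode(['n' => $session['oauth_nonce'], 'r' => $redirectUri]);
    return strtr(base64_encode($json), '+/', '-_');
}

// Validate state on the callback. Returns the redirect URI to hand to
// setRedirectUri(), or null when the request must be rejected.
function checkState(array &$session, $state): ?string
{
    if (!is_string($state) || !isset($session['oauth_nonce'])) {
        return null;
    }
    $expected = $session['oauth_nonce'];
    unset($session['oauth_nonce']);                 // nonce is single use
    $raw  = base64_decode(strtr($state, '-_', '+/'), true);
    $data = json_decode((string) $raw, true);
    if (!is_array($data) || !isset($data['n'], $data['r'])
        || !is_string($data['n']) || !is_string($data['r'])) {
        return null;
    }
    if (!hash_equals($expected, $data['n'])) {      // CSRF check
        return null;
    }
    // Exact string match only: no prefix, host or regex matching.
    return in_array($data['r'], ALLOWED_REDIRECT_URIS, true) ? $data['r'] : null;
}

// Callback usage with the $client object from the post:
// session_start();
// $redirectUri = checkState($_SESSION, $_GET['state'] ?? null);
// if ($redirectUri === null) { http_response_code(400); exit; }
// $client->setRedirectUri($redirectUri);
// $accessToken = $client->fetchAccessTokenWithAuthCode($_GET['code']);
```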