rspec/shared_content/secrets/impact/oauth_token_compromise.adoc

=== OAuth token compromise

The OAuth 2.0 authorization code grant flow is a secure method of authorizing
a web application to access a third-party service. After the user authenticates
with the third-party service and grants access, the web application is sent a
single-use code. The application must then pass this code and a `client_secret`
value to the service in order to obtain a usable authentication token.

If the `client_secret` value is disclosed, anyone who can intercept the
single-use code can then exchange it for a valid authentication token.
Create rule S7164: Dropbox app credentials should not be disclosed (#4501) * Create rule S7164 * Initial content * Additional content --------- Co-authored-by: jamie-anderson-sonarsource <jamie-anderson-sonarsource@users.noreply.github.com> Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com> 2024-11-15 16:12:02 +00:00			`=== OAuth token compromise`

			`The OAuth 2.0 authorization code grant flow is a secure method of authorizing`
			`a web application to access a third-party service. After the user authenticates`
			`with the third-party service and grants access, the web application is sent a`
			single-use code. The application must then pass this code and a `client_secret`
			`value to the service in order to obtain a usable authentication token.`

			If the `client_secret` value is disclosed, anyone who can intercept the
			`single-use code can then exchange it for a valid authentication token.`