message no. 115035
Posted by terabyte in #github at 2015-10-06T01:15:44Z
In the GitHub OAuth flow, I've blindly accepted the need for the "state" variable to prevent certain attacks, but I'm not clear: who generates that variable and where should it be stored? So for example, in an AngularJS app where the app only wishes to authenticate the user, is it the client-side AngularJS that should generate the nonce word, or should a call to a backend API be made, and stored