Diffstat (limited to 'yarns/300-end-user-auth.yarn')
-rw-r--r-- yarns/300-end-user-auth.yarn 1
1 files changed, 1 insertions, 0 deletions
diff --git a/yarns/300-end-user-auth.yarn b/yarns/300-end-user-auth.yarn
index da79b03..98295fb 100644
--- a/yarns/300-end-user-auth.yarn
+++ b/yarns/300-end-user-auth.yarn
@@ -149,6 +149,7 @@ browser see it.
AND HTTP Location header starts with https://facade/callback?
AND HTTP Location header is saved as LOCATION
AND authorization code from LOCATION is saved as CODE
+ AND state from LOCATION is RANDOM
The browser follows the redirect to the facade. The facade extracts
the authorization code, and uses its own client credentials to
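Review bot: The added step `AND state from LOCATION is RANDOM` compares against RANDOM, but nothing in the visible context shows where RANDOM is saved. Please confirm it holds the state value from the original authorization request, so the step proves the value round-trips unchanged through the redirect rather than only being present. The prose right after the step still says only that the facade "extracts the authorization code"; add a sentence saying the returned state is compared with the issued one before the code is used, so the narrative explains what the new assertion checks. A companion scenario in which a callback with a missing or mismatched state is rejected would cover the failure side that this positive check leaves untested.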