allow-query-string-token
Use the allow-query-string-token stanza entry to control whether the
authentication token can be obtained from the query string.
Syntax
allow-query-string-token = {true | false}
Description
The original OAuth specification allowed the authentication token to be obtained from the query string. The specification has since been adjusted to remove this option as it can be a security risk to embed authentication information within the URL. This configuration entry can be used to control whether authentication tokens found in the query string will be used.
Options
- true: The OAuth EAS will search the query string for authentication tokens.
- false: The OAuth EAS will ignore any authentication tokens found in the query string.
Usage
Optional.
Default value
false
Example
allow-query-string-token = true
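One way to check a configuration file for this entry before deployment, as an added example that is not part of the product documentation. The stanza names in the sample, the `#` comment syntax, and the "last occurrence wins" rule are assumptions; the default of false comes from this page.

```python
import re

ENTRY = "allow-query-string-token"
DEFAULT = "false"  # default value documented on this page

# Constructed sample configuration; the stanza names are assumptions.
SAMPLE_CONF = """\
[oauth-eas]
# allow-query-string-token = true   (commented out, must be ignored)
allow-query-string-token = TRUE
[other-stanza]
allow-query-string-token = false
"""

def audit(conf_text):
    """Return (stanza, line_no, value, risky) for each active occurrence of ENTRY."""
    findings, stanza = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never enable the option
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            stanza = header.group(1).strip()
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == ENTRY:
            # Compared case-insensitively so a differently cased "true" is still flagged.
            value = value.strip().lower()
            findings.append((stanza, line_no, value, value == "true"))
    return findings

def effective_value(conf_text, stanza):
    """Value in effect for a stanza: last active occurrence (assumed), else the default."""
    values = [v for s, _, v, _ in audit(conf_text) if s == stanza]
    return values[-1] if values else DEFAULT

if __name__ == "__main__":
    for stanza, line_no, value, risky in audit(SAMPLE_CONF):
        status = "RISK: tokens accepted from the URL" if risky else "ok"
        print(f"[{stanza}] line {line_no}: {ENTRY} = {value} -> {status}")
```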