remember state string during OAuth process
Unanswered
Dutch posted this in #help-forum
Dutch (OP)
I'm trying to enable users to connect their Twitch account to my website. (https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#authorization-code-grant-flow)
It is highly recommended to create a random state string for each OAuth flow that will be passed back to the redirect URL by Twitch to prevent CSRF attacks.
My question: is there a better way to do this than to create a database entry (using Supabase) for that user that holds the random state string, then when the user gets redirected back to my site with the data from Twitch, compare the state string Twitch gives back to the one from the DB?
Is there maybe some smarter way of doing it without creating a db entry?
Cheers :)
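One way to do the state check described in the question without a database row, as an added example that is not part of the original post: keep the state in a signed, short-lived cookie and compare it with the value Twitch returns. The names `beginFlow`, `verifyCallback` and `STATE_SECRET` and the 10-minute lifetime are assumptions made for this sketch.

```javascript
const crypto = require('node:crypto');

// Assumption: a server-side secret. Generated here so the example runs
// stand-alone; in a real deployment it comes from configuration.
const STATE_SECRET = crypto.randomBytes(32);
const MAX_AGE_MS = 10 * 60 * 1000; // constructed value: 10-minute flow window

const sign = (payload) =>
  crypto.createHmac('sha256', STATE_SECRET).update(payload).digest('base64url');

// Step 1, before redirecting to Twitch. `state` goes into the authorize URL;
// `cookie` is set on the browser as HttpOnly; Secure; SameSite=Lax
// (Strict would not be sent on the cross-site redirect back from Twitch).
function beginFlow(now = Date.now()) {
  const state = crypto.randomBytes(32).toString('base64url');
  const payload = `${state}.${now + MAX_AGE_MS}`;
  return { state, cookie: `${payload}.${sign(payload)}` };
}

// Constant-time comparison that also works for inputs of different length.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Step 2, on the redirect URL. `returnedState` is the ?state= query value,
// `cookie` is what the browser sent back. The signature alone is not enough:
// the returned state must equal the one stored in this browser's cookie.
function verifyCallback(returnedState, cookie, now = Date.now()) {
  if (typeof returnedState !== 'string' || typeof cookie !== 'string') return false;
  const parts = cookie.split('.'); // base64url never contains '.'
  if (parts.length !== 3) return false;
  const [state, expires, mac] = parts;
  if (!safeEqual(mac, sign(`${state}.${expires}`))) return false; // tampered cookie
  if (!/^\d+$/.test(expires) || Number(expires) < now) return false; // flow expired
  return safeEqual(returnedState, state);
}
```

Delete the cookie once the callback has been handled so the same value is not accepted again within its lifetime.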