I am currently working on authentication with OAuth2, and I have successfully issued a token to a test client. To secure the endpoints, however, which options should I choose?
Right now, the token is appended to the end of the URL, like {domain}/my_end_point?token={my_token_goes_here}, using the GET method. But then I realized: what if someone hijacks the token and abuses it?
Should I think about passing it over TLS/SSL, or issuing an ever-changing token on each access? Is there any other option?
- This might help a little - http://stackoverflow.com/questions/16526211/how-should-a-client-pass-a-facebook-access-token-to-the-server/16535817#16535817 – divyanshm Jul 26 '14 at 09:59
- @divyanshm Thanks. That's what I was looking for. – cychoi Jul 28 '14 at 16:39
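An added example, not part of the original question or comments: a server-side check that accepts the token only in the `Authorization: Bearer` header defined by RFC 6750, over HTTPS, and refuses the `?token=` query form from the question, plus a helper that masks tokens before a URL is logged. The names `extract_bearer_token`, `redact_url`, `TokenError` and `SENSITIVE_PARAMS` are hypothetical, and `url` is assumed to be the externally visible request URL.

```python
# Added example; all names here are hypothetical, not from the original page.
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameters that must never carry a credential.
SENSITIVE_PARAMS = {"token", "access_token"}
# Token syntax from RFC 6750 section 2.1 (b64token); the scheme name is case-insensitive.
BEARER_RE = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)


class TokenError(Exception):
    """Raised when a request does not carry its token in an accepted way."""


def extract_bearer_token(url, headers):
    """Return the bearer token taken from the Authorization header.

    Rejects plain-HTTP requests and any request that puts the token in the
    query string, where it would land in server logs, browser history and
    Referer headers.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise TokenError("bearer tokens must only travel over TLS")
    query_keys = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    if query_keys & SENSITIVE_PARAMS:
        raise TokenError("token in query string is not accepted")
    # HTTP header names are case-insensitive.
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    match = BEARER_RE.match(auth.strip()) if auth else None
    if not match:
        raise TokenError("missing or malformed Authorization: Bearer header")
    return match.group(1)


def redact_url(url):
    """Mask token values before a URL is written to a log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```
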