在Azure AD B2C中使用状态参数容易受到开放重定向漏洞的影响吗? [英] Using State Parameter in Azure AD B2C Susceptible to Open Redirect Vulnerability?

问题描述

如果我按如下所述使用State参数控制RedirectURI:，我是否容易受到

If I use the State parameter to control the RedirectURI as described here: "Why is Redirect URL Fully Qualified in Azure AD B2C?", wouldn't I be susceptible to Open Redirect Vulnerabilities?

我不是刚刚将问题从RedirectURI移到了State参数吗?

Haven't I just moved the problem from the RedirectURI to the State parameter?

推荐答案

State参数是不透明的，应用应在从授权服务器取回时进行验证(例如，加密，签名等).

The State parameter is opaque and the app should validate when it gets back from the authorization server (e.g. encrypted, signed, etc.).

来自Omer Iqbal的评论

from Omer Iqbal's comment

这篇关于在Azure AD B2C中使用状态参数容易受到开放重定向漏洞的影响吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！