
How do I generate and store the state parameter for OAuth?

Yi Mei Wang asked in General

The above is a standard format for an OAuth authorization URL. How do I generate and store the state parameter? I understand that you can encode information inside for redirect purposes and it's also for CSRF prevention, but does this mean I need to have a column in my database to store the state? Do I need to invalidate it after 30 mins to keep it "unguessable"? It seems very overkill, and I am utterly confused as to what's a good way to do this.
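One way to handle the `state` parameter from the question without a database column, as an added example that is not part of the original thread: keep a random nonce in the user's session and check it once on the callback. The helper names, the `:oauth_state` session key and the Hash-like session object are assumptions; the 30-minute lifetime is taken from the question.

```ruby
require "securerandom"
require "openssl"
require "json"
require "base64"

STATE_TTL = 30 * 60 # seconds; the 30-minute window mentioned in the question

# Before redirecting to the provider: create an unguessable nonce, remember it
# in the user's session (no database column), and pack the return path with it.
def issue_state(session, return_to, now: Time.now.to_i)
  nonce = SecureRandom.urlsafe_base64(32)
  session[:oauth_state] = { "nonce" => nonce, "issued_at" => now }
  Base64.urlsafe_encode64(JSON.generate({ "n" => nonce, "r" => return_to }), padding: false)
end

# Constant-time comparison of digests, so timing does not reveal a partial match.
def same?(a, b)
  da = OpenSSL::Digest::SHA256.digest(a)
  db = OpenSSL::Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# On the callback: the saved state is single-use, so it is removed from the
# session whether or not it verifies. Returns the return path, or nil to reject.
def verify_state(session, returned_state, now: Time.now.to_i)
  saved = session.delete(:oauth_state)
  return nil if saved.nil? || returned_state.nil?
  return nil if now - saved["issued_at"] > STATE_TTL
  payload = JSON.parse(Base64.urlsafe_decode64(returned_state))
  return nil unless payload.is_a?(Hash) && same?(payload["n"].to_s, saved["nonce"])
  path = payload["r"].to_s
  # Accept only same-site relative paths so the callback is not an open redirect.
  path.match?(%r{\A/(?![/\\])}) ? path : "/"
rescue ArgumentError, JSON::ParserError
  nil # malformed Base64 or JSON in the returned state
end
```

The value returned by `issue_state` goes into the `state` query parameter of the authorization URL, and the callback action passes the `state` it receives to `verify_state`.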
