
An illustrated guide to OAuth

(www.ducktyped.org)
354 points egonschiele | 1 comments
TofuLover No.45014373
I don't think the part about front and back channels is quite correct. GET and POST requests are both encrypted in HTTPS -- including the URL (but not the domain, as DNS resolution happens separately). Front and back channel are more to do with trust boundaries, and what information is public vs private from the client's perspective.
1. mrmuagi No.45017319
The URLs are usually logged and also, like the other commentator pointed out, can be stored in browser history/bookmarked.

I've seen just a general recommendation to avoid urlencoding parameters -- I guess that's why?
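
The logging point in the comments above, as an added example that is not part of the thread: a front-channel redirect puts the authorization code into the request line that access logs record, while the back-channel token POST leaves nothing there, and a log filter can redact the sensitive parameters. The log lines, the `/callback` and `/token` paths, the parameter list and the function names are constructed for illustration, and the example assumes a common-log-style format that does not record request bodies.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed list of query parameters that carry OAuth secrets.
SENSITIVE = {"code", "access_token", "id_token", "refresh_token", "client_secret"}

# Request line inside an access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample: front-channel redirect (GET), then back-channel exchange (POST).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] '
    '"GET /callback?code=EXAMPLE_AUTH_CODE&state=xyz HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "POST /token HTTP/1.1" 200 512',
]


def leaked_params(line):
    """Return the sensitive parameter names visible in a log line's URL."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    pairs = parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True)
    return sorted(k for k, _ in pairs if k.lower() in SENSITIVE)


def redact_target(target):
    """Replace the values of sensitive query parameters, keep everything else."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def redact_line(line):
    """Rewrite the request line of a log entry with secrets removed."""
    def repl(m):
        return '"%s %s %s"' % (m["method"], redact_target(m["target"]), m["proto"])
    return REQUEST_RE.sub(repl, line)


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(leaked_params(entry), "->", redact_line(entry))
```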