Google Tag Manager security

We’ve integrated Auth0 and GTM manager in our SPA. After returning from universal login, the URL with the query parameter `code` from Auth0 is now pushed to GTM. Is this a security issue?

Hi @team-ground-control,

According to the spec, the code passed as a query param in the URL is short-lived (max 10 min.), and it cannot be used more than once to exchange for the Access Token and other tokens. This should not cause a security issue since the code is unusable once it has been passed back to Auth0 in exchange for tokens.
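For teams that would still rather keep the authorization response out of analytics data, the sketch below scrubs the callback URL before it is pushed to the GTM data layer. It is an added example, not part of the reply above and not Auth0 or Google code. It goes slightly beyond the `code` case by also covering `state` and token parameters returned in the fragment; the event name `virtual_page_view`, the `page_url` key and the sample URLs are assumptions.

```javascript
// Added example. Parameter names follow the OAuth 2.0 / OIDC authorization
// response; the event name and the `page_url` key are assumptions.
const SENSITIVE_PARAMS = new Set([
  "code", "state", "access_token", "id_token", "refresh_token",
]);

// Remove sensitive keys from a query-string-shaped component.
function stripParams(component) {
  const params = new URLSearchParams(component);
  let removed = false;
  for (const key of [...params.keys()]) {
    if (SENSITIVE_PARAMS.has(key.toLowerCase())) {
      params.delete(key); // deletes every occurrence of the key
      removed = true;
    }
  }
  return { text: params.toString(), removed };
}

// Return the URL without authorization-response parameters.
function scrubCallbackUrl(rawUrl) {
  const url = new URL(rawUrl);
  const query = stripParams(url.search.slice(1));
  // Only rewrite when something was removed, so other URLs pass unchanged.
  if (query.removed) url.search = query.text;

  // response_mode=fragment and the implicit flow put values after '#'.
  const fragment = url.hash.slice(1);
  if (fragment.includes("=")) {
    const frag = stripParams(fragment);
    if (frag.removed) url.hash = frag.text;
  }
  return url.toString();
}

// Push a page view carrying only the scrubbed URL.
function pushPageView(dataLayer, rawUrl) {
  dataLayer.push({
    event: "virtual_page_view",
    page_url: scrubCallbackUrl(rawUrl),
  });
}
```

GTM's built-in Page URL variables read the browser location themselves, so the address bar also needs cleaning (for example with `history.replaceState`) once the SDK has consumed the callback.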
