
Ruby example code for Machine to Machine applications needs to be changed


#1

If you create a new “machine to machine application”, then go to the “quick start” tab under the settings for that app, there is sample code for a variety of languages listed there. The Ruby example includes the following line:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE

Can I suggest that this line be removed, or at least commented out? It disables SSL certificate validation, which enables MITM attacks.


#2

Hey there @as2003!

Thanks for reporting that! Already provided feedback on that to our product team. Should be fixed soon. If by any chance you come across anything similar in the future, do not hesitate to use our feedback site to provide us with info on that:

One more time thanks a lot!
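
Added example, not part of the original thread or of Auth0's quickstart code: a Ruby sketch of the change requested in the first post, with a `Net::HTTP` client that keeps certificate validation on, plus a small audit helper that flags uncommented `VERIFY_NONE` assignments in source text. The endpoint `tenant.example.com/oauth/token`, the helper names `build_verified_client` and `verify_none_lines`, and the `SAMPLE` snippet are assumptions constructed for illustration.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Hypothetical placeholder endpoint; substitute your own tenant's token URL.
TOKEN_URL = URI('https://tenant.example.com/oauth/token')

# Build a client that validates the server's certificate chain and hostname.
# Nothing is sent here; the connection is only opened when a request is made.
def build_verified_client(uri)
  raise ArgumentError, 'token endpoint must use https' unless uri.scheme == 'https'

  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  # Set explicitly so a reviewer can see that validation is on.
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.min_version = OpenSSL::SSL::TLS1_2_VERSION
  http
end

# Return the 1-based line numbers where uncommented code sets
# verify_mode to VERIFY_NONE. Comment stripping is naive (it cuts at the
# first '#'), which is enough for a quick review pass over sample code.
def verify_none_lines(source)
  hits = source.each_line.with_index(1).select do |line, _number|
    code = line.sub(/#.*/, '')
    code.match?(/verify_mode\s*=\s*(OpenSSL::SSL::)?VERIFY_NONE/)
  end
  hits.map { |_line, number| number }
end

# Constructed sample input: line 3 disables validation, line 4 is the
# commented-out form suggested in the thread.
SAMPLE = <<~SNIPPET
  http = Net::HTTP.new(url.host, url.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  # http.verify_mode = OpenSSL::SSL::VERIFY_NONE
SNIPPET

if __FILE__ == $PROGRAM_NAME
  client = build_verified_client(TOKEN_URL)
  puts "verify_mode is VERIFY_PEER: #{client.verify_mode == OpenSSL::SSL::VERIFY_PEER}"
  puts "VERIFY_NONE found on lines: #{verify_none_lines(SAMPLE).inspect}"
end
```

With `VERIFY_PEER` set, a request through this client raises `OpenSSL::SSL::SSLError` when the certificate chain or hostname does not validate, instead of silently proceeding.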