Continuing the discussion from Confused about OAUTH2 workflow:
First, I recognize that my question is not Elm-specific, and I apologize if some feel it is inappropriate in scope for this forum.
@pdamoc can you elaborate on the setup for this? Is the Elm side involved in the process of obtaining the JWT at all? If not, how are you obtaining the JWT? I can understand how one would parse the token on the backend and pass that info as a flag to Elm, but I’m confused about how to implement the initial step.
Thanks in advance.
I’ve found many variations on the following taken from this blog:
After checking for approval, your web-server code should then validate that the state parameter from the redirect is the same that was stored in the user’s session. Checking the state is important to protect against Cross-Site Request Forgery attacks. Your web-server code then needs to take the code parameter and call back to the OAuth provider to validate it and turn it into an access-token. Your web-server code should send a POST to the URL
But how does one get the server to parse the params of the redirect URL?
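The callback step described in the quoted passage, as an added example that is not part of the original post or the quoted blog: a framework-independent Python handler that parses the redirect's query string, checks `state` against the session, and builds the form body for the token-request POST. The host names, client id and the dict-like `session` are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

# Hypothetical values for illustration; a real provider documents its own.
REDIRECT_URI = "https://app.example/callback"
CLIENT_ID = "example-client-id"


class CallbackError(Exception):
    """Raised when the redirect must be rejected."""


def new_state(session):
    """Before redirecting to the provider: store an unguessable state in the session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    return session["oauth_state"]


def handle_callback(request_url, session):
    """Parse the redirect's query string, check state, return the token-request body."""
    params = parse_qs(urlsplit(request_url).query)
    # Reject repeated parameters instead of silently picking one of them.
    if any(len(values) != 1 for values in params.values()):
        raise CallbackError("duplicated query parameter")
    flat = {key: values[0] for key, values in params.items()}

    if "error" in flat:  # approval denied or provider-side failure
        raise CallbackError("provider returned error: " + flat["error"])

    expected = session.pop("oauth_state", None)  # single use: remove it now
    received = flat.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise CallbackError("state mismatch (possible CSRF)")

    code = flat.get("code")
    if not code:
        raise CallbackError("missing code parameter")

    # Form body for the server-to-server POST to the provider's token endpoint.
    # Client authentication (the secret) is added by the server, never by Elm.
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
    })
```

In a web framework, `request_url` and `session` come from the request object of the route registered as the redirect URI; the browser front end only ever sees the result.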