...
An explicit intent, on the other hand, names the specific component that is to receive the access token, so only that component (in the intended application) can handle it. When sending access tokens to another component, use an explicit intent rather than an implicit one.
Noncompliant Code Example
This noncompliant code example shows an application that ...
```java
protected void OnTokenAcquired(Bundle savedInstanceState) {
    // [Code to construct an OAuth client request goes here]
    // Implicit intent: only an action and a URI are given, so any installed
    // application whose intent filter matches ACTION_VIEW for this URI can
    // receive the authorization request and the data it carries.
    Intent intent = new Intent(Intent.ACTION_VIEW,
            Uri.parse(request.getlocationUri() + "&response_type=code"));
    startActivity(intent);
}
```
Compliant Solution
In this compliant solution ...:
```java
protected void OnTokenAcquired(Bundle savedInstanceState) {
    // [Code to construct an OAuth client request goes here]
    // Explicit intent: the target component is named (this application's own
    // OAuth activity), so no other application can be selected to handle it.
    Intent intent = new Intent(Intent.ACTION_VIEW,
            Uri.parse(request.getlocationUri() + "&response_type=code"),
            this, [YOUR OAUTH ACTIVITY CLASS]);
    startActivity(intent);
}
```
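As an added example that is not part of the original rule, the helper below builds the explicit intent with `setClass` and, before starting the activity, checks that the component it names belongs to this application, so an accidental fallback to an implicit `ACTION_VIEW` cannot happen. `OAuthIntents` and the `handler` class parameter are assumed names; the manifest attribute in the comment is Android's own.

```java
import android.app.Activity;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;

// Added example, not the rule's own code.
// The handler activity should also be declared with android:exported="false"
// in the manifest so that other applications cannot start it directly.
public final class OAuthIntents {
    private OAuthIntents() {}

    // Build an intent that carries the authorization URI only to the named
    // activity of this application (hypothetical handler class supplied by caller).
    public static Intent explicitAuthorizeIntent(Context ctx, Uri authorizeUri,
                                                 Class<? extends Activity> handler) {
        Intent intent = new Intent(Intent.ACTION_VIEW, authorizeUri);
        intent.setClass(ctx, handler);           // pins the receiving component
        intent.setPackage(ctx.getPackageName()); // restricts resolution to this package
        return intent;
    }

    // True only if the intent names a component and that component lives in
    // this application's package; an implicit intent has no component.
    public static boolean isPinnedToOwnApp(Context ctx, Intent intent) {
        ComponentName target = intent.getComponent();
        return target != null
                && ctx.getPackageName().equals(target.getPackageName());
    }

    // Start the authorization flow, refusing to send the request implicitly.
    public static void startAuthorization(Activity activity, Uri authorizeUri,
                                          Class<? extends Activity> handler) {
        Intent intent = explicitAuthorizeIntent(activity, authorizeUri, handler);
        if (!isPinnedToOwnApp(activity, intent)) {
            throw new IllegalStateException(
                    "OAuth intent must target a component in this application");
        }
        activity.startActivity(intent);
    }
}
```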
Exceptions
Risk Assessment
Summary of risk assessment.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
TBD | | | | |
Automated Detection
Tool | Version | Checker | Description
---|---|---|---
TBD | | |
Related Guidelines
Improper Validation of Certificate with Host Mismatch
...