Change the Login API request.

Created on 21 July 2023, 11 months ago

Updated 15 February 2024, 4 months ago

Problem/Motivation

For Orange Logic security recommendations, the Login API request must be changed to POST:

Orange Logic recommends that the Login and Password parameters are passed to the Login API using a POST request, as it provides increased security.

Proposed resolution

GET is changed to POST in the request:

try {
      $response = $this->httpClient->request(
        'POST',
        $token_endpoint,
        [
          'query' => [
            'Login' => $config->get('username'),
            'Password' => $config->get('password'),
          ],
        ]
      );
    }

📌 Task

Status

Fixed

Version

1.0

Component

Code

Created by

🇪🇸Spain ipitbiz

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @ipitbiz
Status changed to RTBC 6 months ago5:30pm 20 December 2023
Comment 6 months ago →
🇪🇸Spain rodrigoaguilera Barcelona
We had this working for a while so I'm happy to RTBC
Comment 5 months ago →
System Message

rodrigoaguilera → committed fd634085 on 1.0.x authored by ipitbiz →
Issue #3376109 by ipitbiz: Change the Login API request
Status changed to Fixed 5 months ago2:15pm 1 February 2024
Comment 5 months ago →
🇪🇸Spain rodrigoaguilera Barcelona
Comment 4 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024