Announcements

Possible security bug in the web api auth example from gitbub

Possible security bug in the web api auth example from gitbub

Avatar of alexlindgren
Music Fan
‎2021-01-03 01:23 PM
I've cloned the code from: https://github.com/spotify/web-api-auth-examples and possibly found some security bug - but please correct me and explain why I'm wrong if that is the case.
 

State is set in /login route to

 

 

  var state = generateRandomString(16);
  res.cookie(stateKey, state);

 

 

And then updated and checked in /callback route with

 

 

  var state = req.query.state || null;
  var storedState = req.cookies ? req.cookies[stateKey] : null
  if (state === null || state !== storedState) {

 

 

As "state" is overwritten with the users incoming query.state, wouldn't that mean that if a users traffic was interrupted by a malicious user, they could just use whatever string they wanted in their query, as long as it corresponded to their cookie and overtake the connection? Why do you overwrite the state variable at all? Shouldn't it be kept the same as when assigned in the /login route and then used as a basis for comparison and security?

 

Labels:
0 Likes
Reply
0 Replies

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game…

Staff
ModeratorStaff / Moderator/ 1 year ago in Social & Random
Read more