Possible security bug in the web api auth example ...

Possible security bug in the web api auth example from gitbub

I've cloned the code from: https://github.com/spotify/web-api-auth-examples and possibly found some security bug - but please correct me and explain why I'm wrong if that is the case.

State is set in /login route to

  var state = generateRandomString(16);
  res.cookie(stateKey, state);

And then updated and checked in /callback route with

  var state = req.query.state || null;
  var storedState = req.cookies ? req.cookies[stateKey] : null
  if (state === null || state !== storedState) {

As "state" is overwritten with the users incoming query.state, wouldn't that mean that if a users traffic was interrupted by a malicious user, they could just use whatever string they wanted in their query, as long as it corresponded to their cookie and overtake the connection? Why do you overwrite the state variable at all? Shouldn't it be kept the same as when assigned in the /login route and then used as a basis for comparison and security?

0 Replies

never-displayed

You must be signed in to add attachments

never-displayed

Additional options

Associated Products

Spotify Community