How do I generate and store the state parameter for OAuth?

Yi Mei Wang asked May 22, 2020 9:11am in General

Yi Mei Wang May 22, 2020 9:11am

https://authorization-server.com/oauth/authorize
?client_id=a17c21ed
&response_type=code
&state=5ca75bd30
&redirect_uri=https%3A%2F%2Fexample-app.com%2Fauth
&scope=photos

The above is a standard format for OAuth authorization URL, and how do I generate and store the state parameter? I understand that you can encode information inside for redirect purposes and it's also for CSRF prevention, but does this mean I need to have a column in my database to store the state? Do I need to invalidate it after 30 mins to keep it "unguessable"? It seems very overkill, and I am utterly confused as to what's a good way to do this.

Join the discussion

Create an account Log in

Courses

Rails for Beginners

Advanced Ruby: Behind the Magic

Payments with Rails Master Class

Refactoring Rails

Apps

Hatchbox.io

Jumpstart Rails SaaS Template

Other

Remote Ruby Podcast

GoRails Open Source

Rails Hackathon

Beginner Bounties

Ruby on Rails Job Board

Notifications

How do I generate and store the state parameter for OAuth?

Want to stay up-to-date with Ruby on Rails?