
Error: OAuth 2 parameters can only have a single value: hd

Restricted the app to login using OAuth to one domain (say abc.com). Getting the error with the following steps:

  1. Logged in with multiple accounts in a browser on Google.
  2. On trying to log in with a user whose domain is not mentioned, nothing happens (no error message). Try to log in with the invalid user twice.
  3. Now try to log in with a valid user.

On doing that the following error occurs:

OAuth 2 parameters can only have a single value: hd

In the error stack trace client id is visible. Is that a security risk?

How can this error be fixed?

user2290352 asked Apr 17 '13 11:04


1 Answer

According to the documentation, the hd parameter is for G Suite, so you are probably repeating the hd parameter, one with hd=* and the other with your hosted domain(s). It also states that you should not rely on this UI optimization to control access to your app.

In the error stack trace client id is visible. Is that a security risk?

None. It is not a secret. It is used for debugging purposes.

How can this error be fixed?

Try to replace the param hd instead of just adding a new one. In general, this should be done with every param of your request. Also, the OAuth2 documentation states an invalid_request error when you repeat a parameter.

Antonio Saco answered Sep 28 '22 09:09

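An added example (not code from the question or the answer) of the two points in the answer above: setting hd by replacement so it appears only once, and checking the hosted domain on the server instead of trusting the request parameter. The endpoint, client id and function names are placeholders constructed here; it assumes the ID token was already verified and that its `hd` claim carries the hosted domain.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Placeholder endpoint, constructed for this example.
AUTH_ENDPOINT = "https://auth.example.test/authorize"


def duplicated_params(url):
    """Return the sorted names of query parameters that appear more than once."""
    seen, dupes = set(), set()
    for name, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        (dupes if name in seen else seen).add(name)
    return sorted(dupes)


def set_params(url, **overrides):
    """Replace (never append) each overridden parameter; keep one value per name."""
    parts = urlsplit(url)
    merged = {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        merged[name] = value          # a later duplicate overwrites an earlier one
    merged.update(overrides)          # caller's value wins, still a single entry
    return urlunsplit(parts._replace(query=urlencode(merged)))


def domain_allowed(claims, allowed_domain):
    """Server-side gate on the hd claim of an already verified ID token.

    Assumption: `claims` is the decoded payload of an ID token whose signature,
    issuer, audience and expiry were checked elsewhere.
    """
    return claims.get("hd") == allowed_domain


# Constructed input: a URL where hd was appended a second time on retry.
broken = (AUTH_ENDPOINT
          + "?client_id=CLIENT_ID_PLACEHOLDER&response_type=code&hd=*&hd=abc.com")
fixed = set_params(broken, hd="abc.com")

if __name__ == "__main__":
    print(duplicated_params(broken))
    print(fixed)
    print(domain_allowed({"email": "user@abc.com", "hd": "abc.com"}, "abc.com"))
    print(domain_allowed({"email": "user@gmail.example"}, "abc.com"))
```

Running `duplicated_params` over outgoing authorization URLs in a test suite catches the append-on-retry pattern before the provider rejects the request.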