Impact of enabling "glide.oauth.allow.parameters.in.post.body.only" property

Magda13
Tera Contributor

Does anyone have any experience with activating the "Restrict OAuth Parameters to POST Body" Security Hardening on an instance? I need to understand the potential impact of enabling the "glide.oauth.allow.parameters.in.post.body.only" property. From what I understand, integrations that send their OAuth tokens in the URL instead of the POST body will fail.


Any recommendations on how to best identify such integrations?


Thanks in advance!


Tanushree Maiti
Mega Sage

If glide.oauth.allow.parameters.in.post.body.only isn't set to the recommended value of true, access tokens could be present in the GET request parameter. These access tokens could linger in client and infrastructure logs and potentially lead to account takeover if those logs are leaked.


ref: Restrict oauth parameters to POST body [New in Security Center 1.3] • Zurich Platform security • Doc...


Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
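To answer the "how do I find such integrations" part of the question, here is a small log scanner, added as an example that is not part of the original thread or of ServiceNow's own tooling. It walks access-log lines, parses the query string of each request URL, and reports any request that carries OAuth parameters (access_token, client_secret, grant_type, password, and so on) in the URL rather than in a POST body or an Authorization header. It then groups the hits by client IP and user agent so you get an inventory of integrations to fix before enabling the property. The log layout, the endpoint paths and the sample lines are constructed assumptions; adapt LINE_RE to whatever your load balancer, proxy or instance transaction log actually emits. Token values are redacted in the output so the report itself does not re-leak them.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Parameter names an OAuth client sends to a token or resource endpoint and that
# should only ever travel in a POST body or an Authorization header.
OAUTH_PARAMS = {"access_token", "refresh_token", "client_secret", "client_id",
                "grant_type", "code", "assertion", "username", "password"}

# Constructed sample log lines (assumed layout:
# '<timestamp> <client-ip> <method> <path-and-query> <status> "<user-agent>"').
# Line 2 sends a password grant in the URL, line 3 passes a bearer token as a
# query parameter, line 5 is a POST that still puts its client secret in the URL.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 POST /oauth_token.do 200 "IntegrationHub/1.0"
2024-05-01T10:00:02Z 10.0.0.7 GET /oauth_token.do?grant_type=password&username=svc_int&password=S3cret!&client_id=abc 200 "LegacyConnector/2.3"
2024-05-01T10:00:03Z 10.0.0.9 GET /api/now/table/incident?sysparm_limit=1&access_token=eyJhbGciOi.abc.def 200 "python-requests/2.31"
2024-05-01T10:00:04Z 10.0.0.5 GET /api/now/table/incident?sysparm_limit=1 200 "IntegrationHub/1.0"
2024-05-01T10:00:05Z 10.0.0.7 POST /oauth_token.do?client_id=abc&client_secret=xyz 200 "LegacyConnector/2.3"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def redact(value):
    """Keep only a short prefix so a finding never reproduces a usable secret."""
    return value[:4] + "..." if len(value) > 4 else "..."


def find_oauth_in_query(lines):
    """Return one finding per request whose URL query string carries OAuth parameters.

    Any method is flagged, not only GET: a POST whose credentials sit in the
    query string is equally visible in URL-based logs.
    """
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        query = urlsplit(m["url"]).query
        leaked = {k: redact(v) for k, v in parse_qsl(query, keep_blank_values=True)
                  if k in OAUTH_PARAMS}
        if leaked:
            findings.append({
                "line": lineno,
                "ip": m["ip"],
                "ua": m["ua"],
                "method": m["method"],
                "path": urlsplit(m["url"]).path,
                "params": leaked,
            })
    return findings


def inventory(findings):
    """Group findings by (client IP, user agent) -> sorted OAuth parameter names.

    Each key is one integration that will break once the property is enabled.
    """
    clients = defaultdict(set)
    for f in findings:
        clients[(f["ip"], f["ua"])].update(f["params"])
    return {client: sorted(params) for client, params in clients.items()}


def run_scan(text=SAMPLE_LOG):
    findings = find_oauth_in_query(text.splitlines())
    for f in findings:
        print(f"line {f['line']}: {f['method']} {f['path']} from {f['ip']} "
              f"({f['ua']}) carries {f['params']}")
    report = inventory(findings)
    for (ip, ua), params in report.items():
        print(f"integration {ip} {ua!r} must move to POST body: {params}")
    return report


if __name__ == "__main__":
    run_scan()
```

Run it over an export of your proxy or load-balancer logs covering a full integration cycle (at least one token refresh for every scheduled job) so low-frequency clients are not missed; a client that only appears with sysparm_* parameters and no OAuth names, like 10.0.0.5 in the sample, is already compliant.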