The glide.oauth.allow.parameters.in.post.body.only property controls the inbound OAuth authentication’s acceptance of access tokens. Access tokens are sensitive and should only be accepted when located within a POST request body.

More information

| Attribute | Description |
|---|---|
| Configuration name | glide.oauth.allow.parameters.in.post.body.only |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | boolean |
| Recommended value | true |
| Default value | true |
| Category | Data protection |
| Security risk | Severity score: 7.4 |
| | CVSS score: High |
| | Security risk details: If glide.oauth.allow.parameters.in.post.body.only is not set to the recommended value of true, access tokens could be passed as GET request parameters, which could linger in client infrastructure logs and potentially lead to account takeover if those logs are leaked. |
| Dependencies and prerequisites | None |
| References | |
| Functional impact | Ensures that the oauth_token.do processor accepts only POST body parameters as input for all supported grant types. |
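To check whether tokens or secrets have already reached logs in the way the security risk details describe, the following added example (not ServiceNow code) scans access-log lines for requests to oauth_token.do that carry sensitive OAuth parameters in the URL, and masks their values. It assumes a common/combined-format proxy or web server log and the standard parameter names from RFC 6749 and RFC 6750; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Standard OAuth 2.0 parameter names (RFC 6749 / RFC 6750) that carry secrets.
SENSITIVE = {"access_token", "refresh_token", "client_secret", "password", "code"}
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Matches name=value for any sensitive parameter so the value can be masked.
REDACT_RE = re.compile(r'(?i)\b(' + "|".join(sorted(SENSITIVE)) + r')=[^&\s"]*')

# Constructed sample log lines; addresses, ids and secrets are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "POST /oauth_token.do HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /oauth_token.do?grant_type=refresh_token&refresh_token=EXAMPLE-R1&client_id=abc&client_secret=EXAMPLE-S1 HTTP/1.1" 200 498
198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "POST /oauth_token.do?grant_type=password&username=svc&password=EXAMPLE-P1 HTTP/1.1" 200 501
198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /home.do?view=1 HTTP/1.1" 200 900
"""


def find_exposed_params(log_text, endpoint="/oauth_token.do"):
    """Return (line_no, method, [param names]) for token-endpoint requests
    whose URL query string carries a sensitive OAuth parameter."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.endswith(endpoint):
            continue
        # A POST with secrets in the query string is logged just like a GET.
        # keep_blank_values: an empty secret in the URL is still a finding.
        names = {k.lower() for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        exposed = sorted(names & SENSITIVE)
        if exposed:
            findings.append((line_no, match.group("method"), exposed))
    return findings


def redact(line):
    """Mask sensitive parameter values before a log line is stored or shared."""
    return REDACT_RE.sub(r"\1=[REDACTED]", line)


if __name__ == "__main__":
    for line_no, method, params in find_exposed_params(SAMPLE_LOG):
        print(f"line {line_no}: {method} exposes {', '.join(params)} in the URL")
        print("  " + redact(SAMPLE_LOG.splitlines()[line_no - 1]))
```

Any finding means the exposed credential should be treated as compromised and rotated, since the value has already been written to the log.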