Currently it is possible to send tokens via GET or POST. This means that token values will get logged in logs etc, and generally its a bad practice to send tokens via URLs.
Since we are already accpeting tokens via the Bearer Authorization, the support for tokens in request variables should be dropped.
Currently it is possible to send tokens via GET or POST. This means that token values will get logged in logs etc, and generally its a bad practice to send tokens via URLs.
Since we are already accpeting tokens via the Bearer Authorization, the support for tokens in request variables should be dropped.