Authentication Security Best Practices
access-tokens-oauth2-cleartext
Guidance
Access tokens from the authorization code grant flow are transported in the clear over an unencrypted channel.
Attackers can easily intercept API calls and retrieve the unencrypted tokens. They can then use the tokens to make
other API calls.
Applies to Operation
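
Added example (not part of the original guidance or of any tool's own code): a Python check that lists the operations matching this finding, assuming the API is described by an OpenAPI 3 definition already loaded as a dict. The function name, the sample definition and its hostnames are constructed for illustration.

```python
from urllib.parse import urlsplit

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def find_cleartext_token_operations(spec):
    """Return sorted (METHOD, path, server_url) for operations that accept
    authorization code access tokens on a plain-http server URL."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    # Names of OAuth2 schemes that declare the authorization code flow.
    auth_code = {name for name, s in schemes.items()
                 if s.get("type") == "oauth2" and "authorizationCode" in s.get("flows", {})}
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters" or "servers"
            # Operation-level settings override path- and document-level ones.
            # An explicit empty "security" list means the operation takes no token.
            security = op.get("security", spec.get("security", []))
            servers = op.get("servers") or item.get("servers") or spec.get("servers", [])
            if not any(name in auth_code for req in security for name in req):
                continue
            for server in servers:
                url = server.get("url", "")
                if urlsplit(url).scheme.lower() == "http":  # no TLS on this channel
                    findings.append((method.upper(), path, url))
    return sorted(findings)

# Constructed sample definition (hypothetical hosts under example.test).
SAMPLE_SPEC = {
    "servers": [{"url": "http://api.example.test/v1"}],
    "security": [{"oauth": ["read"]}],
    "components": {"securitySchemes": {
        "oauth": {"type": "oauth2", "flows": {"authorizationCode": {
            "authorizationUrl": "https://auth.example.test/authorize",
            "tokenUrl": "https://auth.example.test/token",
            "scopes": {"read": "read access"}}}},
        "key": {"type": "apiKey", "in": "header", "name": "X-Key"}}},
    "paths": {
        "/orders": {"get": {"responses": {}}},                      # token over http
        "/status": {"get": {"security": [], "responses": {}}},      # no token required
        "/invoices": {"get": {"responses": {},                      # token, but over TLS
                              "servers": [{"url": "https://api.example.test/v1"}]}},
        "/legacy": {"post": {"security": [{"key": []}], "responses": {}}},  # not OAuth2
    },
}

if __name__ == "__main__":
    for finding in find_cleartext_token_operations(SAMPLE_SPEC):
        print(finding)
```

Changing the flagged server URL to https, or overriding the operation's servers with an https entry, clears the finding for that operation.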