Authentication Security Best Practices

access-tokens-oauth2-cleartext


Guidance

Access tokens obtained through the authorization code grant flow are transported in the clear over an unencrypted channel.
An attacker who can observe the traffic can intercept the API calls, read the unencrypted tokens, and replay them in
further API calls as the legitimate client.

Message

Server Uri should be https.

Examples

valid

openapi: 3.0.0
info:
  title: My API
  description: This is a sample API
  version: 1.0.0
servers:
  - url: https://api.example.com/v1

invalid

openapi: 3.0.0
info:
  title: My API
  description: This is a sample API
  version: 1.0.0
servers:
  - url: http://api.example.com/v1

Applies to: Operation

Constraint

Type: Declarative Validation
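The following is an added example of how a check equivalent to this rule can be applied to an OpenAPI document. It is not MuleSoft's ruleset code; it assumes the document has already been loaded into a Python dict (the JSON form of the YAML shown above, embedded here as constructed input). It goes slightly beyond the page's two examples by also resolving OpenAPI server variables (so a templated `{scheme}://...` URL is checked for every value it can take) and by reporting relative server URLs, whose scheme cannot be determined statically, as a separate warning rather than a violation; both of those behaviours are assumptions of this example, not part of the published rule.

```python
"""Cleartext-transport check for OpenAPI 'servers' entries (added example,
not MuleSoft's implementation of access-tokens-oauth2-cleartext)."""
from urllib.parse import urlparse

# Constructed inputs: dict form of the valid / invalid YAML documents above.
VALID_DOC = {
    "openapi": "3.0.0",
    "info": {"title": "My API", "description": "This is a sample API", "version": "1.0.0"},
    "servers": [{"url": "https://api.example.com/v1"}],
}
INVALID_DOC = {
    "openapi": "3.0.0",
    "info": {"title": "My API", "description": "This is a sample API", "version": "1.0.0"},
    "servers": [{"url": "http://api.example.com/v1"}],
}
# Constructed input (assumption beyond the page): a templated server URL whose
# 'scheme' variable allows plain http, which should still be caught.
TEMPLATED_DOC = {
    "openapi": "3.0.0",
    "info": {"title": "My API", "version": "1.0.0"},
    "servers": [{
        "url": "{scheme}://api.example.com/v1",
        "variables": {"scheme": {"default": "https", "enum": ["https", "http"]}},
    }],
}

RULE_MESSAGE = "Server Uri should be https."


def expand_server_url(server):
    """Return every concrete URL a server entry can resolve to.

    OpenAPI server variables are substituted with each of their enum values,
    or with the default when no enum is declared.
    """
    urls = [server.get("url", "")]
    for name, spec in server.get("variables", {}).items():
        values = spec.get("enum") or [spec.get("default", "")]
        placeholder = "{" + name + "}"
        urls = [u.replace(placeholder, str(v)) for u in urls for v in values]
    return urls


def find_cleartext_servers(doc):
    """Evaluate the rule against one OpenAPI document.

    Returns a list of findings, each a dict with the server index, the
    resolved URL, a severity ('violation' or 'warning') and a message.
    """
    findings = []
    for idx, server in enumerate(doc.get("servers", [])):
        for url in expand_server_url(server):
            scheme = urlparse(url).scheme  # urlparse lowercases the scheme
            if scheme == "https":
                continue
            if scheme == "":
                # Relative URL: inherits the scheme of the host serving the
                # document, so it cannot be judged from the document alone.
                findings.append({"server": idx, "url": url, "severity": "warning",
                                 "message": "relative server URL; transport scheme not determinable"})
            else:
                findings.append({"server": idx, "url": url, "severity": "violation",
                                 "message": RULE_MESSAGE})
    return findings


def is_compliant(doc):
    """True when no server entry resolves to a non-https URL."""
    return not any(f["severity"] == "violation" for f in find_cleartext_servers(doc))


if __name__ == "__main__":
    for name, doc in (("valid", VALID_DOC), ("invalid", INVALID_DOC), ("templated", TEMPLATED_DOC)):
        print(name, "compliant" if is_compliant(doc) else "NOT compliant")
        for finding in find_cleartext_servers(doc):
            print("  ", finding)
```

Running the module prints a verdict per constructed document; the invalid and templated documents each yield one violation carrying the rule's own message, while the valid one yields none.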

Type: Ruleset
Organization: MuleSoft
Published by: MuleSoft Organization
Published on: Nov 29, 2023
Asset version: 1.1.0 (1.1.x line)