Skip to content

Typo in the word vulnerable #34596

New issue
New issue
Closed
Closed
Typo in the word vulnerable#34596
Labels
⌚ Not TriagedSource - Docs.msDocs Customer feedback via GitHub Issueaspnet-core/svcsecurity/subsvc
@sk-shahnawaz

Description

@sk-shahnawaz
sk-shahnawaz
opened on Jan 30, 2025

Description

Section link: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-jwt-bearer-authentication?view=aspnetcore-9.0#never-create-an-access-token-from-a-usernamepassword-request

Content:

You should NOT create an access token from a username/password request. Username/password requests aren't authenticated and are vunerable to impersonation and phishing attacks. Access tokens should only be created using an OpenID Connect flow or an OAuth standard flow. Deviating from these standards can result in an insecure app.

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-jwt-bearer-authentication?view=aspnetcore-9.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authentication/configure-jwt-bearer-authentication.md

Document ID

8d24839c-6c0a-3b29-d9f1-0f52becbf0f5

Article author

@damienbod

Metadata

  • ID: 8d24839c-6c0a-3b29-d9f1-0f52becbf0f5
  • Service: aspnet-core
  • Sub-service: security

Related Issues

Metadata

Metadata

Assignees

No one assigned

    Labels

    ⌚ Not TriagedSource - Docs.msDocs Customer feedback via GitHub Issueaspnet-core/svcsecurity/subsvc

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions