Square OAuth Secret
Description
The Square OAuth API uses the OAuth 2 protocol to get permission from the owner of the seller account to manage specific types of resources in that account.
Code Example
```text
{
  "Authorization: Client APPLICATION_SECRET",
}
```
Remediation
Square
1. Revoke the exposed secret.
   - `POST /oauth2/revoke`: Revokes an access token generated with the OAuth flow.
   - If an account has more than one OAuth access token for your application, this endpoint revokes all of them, regardless of which token you specify.
   - When an OAuth access token is revoked, all of the active subscriptions associated with that OAuth token are canceled immediately.
   - Replace APPLICATION_SECRET with the application secret on the OAuth page in the developer dashboard.
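
The revocation call described above, as an added Python example; it is not part of the original page and is not Square's or Checkov's code. It assumes the production host `connect.squareup.com` and the `client_id`, `access_token` and `merchant_id` request fields of Square's OAuth API; the environment variable names are hypothetical.

```python
import json
import os
import urllib.request

# Assumption: production host; the sandbox uses connect.squareupsandbox.com.
SQUARE_HOST = "https://connect.squareup.com"


def build_revoke_request(client_id, application_secret, *,
                         access_token=None, merchant_id=None):
    """Build, without sending, the POST /oauth2/revoke request."""
    # Name the seller by exactly one of the two fields. Either way every
    # token that seller account holds for this application is revoked.
    if (access_token is None) == (merchant_id is None):
        raise ValueError("pass exactly one of access_token or merchant_id")
    body = {"client_id": client_id}
    if access_token is not None:
        body["access_token"] = access_token
    else:
        body["merchant_id"] = merchant_id
    return urllib.request.Request(
        SQUARE_HOST + "/oauth2/revoke",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            # The application secret authorizes the call ("Client" scheme).
            "Authorization": "Client " + application_secret,
            "Content-Type": "application/json",
        },
    )


def revoke(request, opener=urllib.request.urlopen):
    """Send the request; return True when Square reports success."""
    with opener(request, timeout=10) as response:
        return json.load(response).get("success") is True


if __name__ == "__main__":
    # Hypothetical variable names. Reading from the environment keeps the
    # secret out of shell history and process arguments.
    req = build_revoke_request(
        os.environ["SQUARE_APPLICATION_ID"],
        os.environ["SQUARE_APPLICATION_SECRET"],
        merchant_id=os.environ["SQUARE_MERCHANT_ID"],
    )
    print("revoked:", revoke(req))
```
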
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1314 |
| Severity | LOW |
| IaC Type | secrets |
| Frameworks | Git |
| Checkov ID | CKV_SECRET_16 |