Code Injection
A code injection attack happens when an attacker changes the value of an input or a parameter in a way that causes unexpected behavior in a website (such as a Login with HAQM client). A code injection attack is possible when a website does not validate incoming data before acting on it.
Login with HAQM client websites should validate data coming from the authorization service
, especially the state parameter, before acting on it. Login with HAQM clients should also validate customer profile
data if they use it programmatically.