Posts

Showing posts from October, 2018

Let's read emails in Gmail using OAuth 2.0 (Application demo)

Today I will create an OAuth application using the Java programming language. The application will access Google's Gmail API and read the emails in the user's Gmail inbox. To access the user's Gmail account, the application will use an OAuth access token obtained from Google's OAuth authorization server. Don't worry, I will demonstrate each step clearly. So let's start from the basics! To use the Gmail API, we need to obtain an app ID and app secret (Google calls them the OAuth client ID and client secret) from the Google API console. To do so, you will need a Google account. If you are using a Gmail account or any other Google product (e.g. Google Drive, YouTube), then you already have a Google account. If you don't have a Google account, you can create it from here. Then you will need to log in to the Google Cloud API console. It has a very clear and clean user interface. The Google API console provides various kinds of APIs for each of Google's products. Since we are going to develop for Gmail, let's go to the Gmail API section. In Google itself there are

CSRF Defence - Double Submit Cookie Pattern Demo

This is a continuation of the previous CSRF prevention tutorial. If you haven't read it, please read it first. Let's continue from the previous one. As you may remember, we successfully implemented an application that prevents CSRF attacks using the synchronizer token pattern. Today we will try to prevent CSRF using the double submit cookie pattern. Since both the synchronizer token pattern and the double submit cookie pattern share the same application base, I will modify the previous application to achieve the goal. Before coding, let's recall the idea behind each pattern and the difference between them. In the synchronizer token pattern, the server needs to maintain the CSRF tokens for each user session. The client requests that stored token with an AJAX request. Because the browser's same-origin policy stops a page on another origin from reading the response to a cross-origin request, a malicious site cannot fetch the CSRF token from the server. In the double submit cookie pattern, the server will not maintain a list of csr