/services/idg/services-support/web/sign-on/development/forum/?topic=8a17841a5c1b8abf015c452865633483 The latest posts to IDG » Web Sign On » Deprecation notice: GET requests passing tokens or credentials en-GB (C) 2026 University of ÌÇÐÄTV Wed, 02 Jul 2025 10:06:42 GMT http://blogs.law.harvard.edu/tech/rss SiteBuilder2, University of ÌÇÐÄTV, http://go.warwick.ac.uk/sitebuilder /services/idg/services-support/web/sign-on/development/forum/?post=8a17841b5c1b86eb015c6405f50d05b1 <p>Nick and Andrew,</p> <p>All Economics systems have been updated. If any shared systems are in use by other departments these will also have been updated.</p> <p>Andrew</p> Thu, 01 Jun 2017 14:18:51 GMT Andrew Taylor 8a17841b5c1b86eb015c6405f50d05b1 /services/idg/services-support/web/sign-on/development/forum/?post=8a17841a5c1b8abf015c629b9f884631 <p>Andrew P Smith,</p> <p>We aren't changing any parts of OAuth so unless you are making a GET request to /sentry or /origin/sentry then you may not need to make any changes. We will keep reviewing the requests that Web sign-on is receiving and will let you know if a machine that you manage appears to be doing so.</p> <p>&nbsp;</p> <p>Andrew Taylor,</p> <p>That timescale is fine, many thanks.</p> Thu, 01 Jun 2017 07:43:05 GMT Nick Howes 8a17841a5c1b8abf015c629b9f884631 /services/idg/services-support/web/sign-on/development/forum/?post=8a17841b5c1b86eb015c5a35941c4aac <p>Hi Nick (&amp; Andrew)</p> <p>&nbsp;</p> <p>Although I have nothing critical at present using ÌÇÐÄTV SSO (other than perhaps the Annual Leave system from Andrew Taylor which I assume he has/is checking).</p> <p>I do have a system that used SSO and I may in the near future wand to use elements of again. This uses the oAuth functions I was given by ITS (or at least were wtote in PHP based on Java originals. These do appear to use a filter_input(INPUT_GET, 'oauth_verifier', FILTER_SANITIZE_SPECIAL_CHARS); function even though most of the later code does resort to POSTing parameters.&nbsp;</p> <p>If it is this element of the Code that would not cease to function, may I ask what we might use in its stead?</p> <p>The existing code does still appear to work. If it fails later, I might simply resort to using JSONP from within SiteBuilder, rather than using ÌÇÐÄTV SSO to validate access to a website hosted externally.&nbsp;</p> <p>Kind regards</p> <p>Andrew P Smith</p> <p>Applied Linguistics</p> <p>&nbsp;</p> Tue, 30 May 2017 16:34:39 GMT Andrew Smith 8a17841b5c1b86eb015c5a35941c4aac /services/idg/services-support/web/sign-on/development/forum/?post=8a17841a5c1b8abf015c5a0f72763dca <p>Hi Nick,</p> <p>We use GET requests on a number of applications. I'll do some testing on Thursday and have everything updated by the end of the week. Does that work within your timescales?</p> <p>Andrew</p> Tue, 30 May 2017 15:53:00 GMT Andrew Taylor 8a17841a5c1b8abf015c5a0f72763dca /services/idg/services-support/web/sign-on/development/forum/?post=8a17841a5c1b8abf015c452865643484 <p>If you have hand-written code to make GET requests to /sentry with requestType of 1 (token) or 2 (auth), you will need to change this to make a POST request instead as we will be disallowing GET requests in future. The "token" parameter must be moved out of the URL query and into the POST body. Other requestTypes such as 4 and 5 (user lookup) are fine to request as a GET.</p> <p>We'll try to contact most of the people who we know are making such requests, but we can't reliably detect every application so you may wish to review your code now to avoid any loss of service for users.</p> Fri, 26 May 2017 14:28:14 GMT Nick Howes 8a17841a5c1b8abf015c452865643484