Part 2: OAuth? How hard can that be? (SDK with Copilot Series)

July 7, 2025 1 minute read

After episode one in the series I’ve not got into some technical parts of setting up OAuth with the library.

I’m continuing to learn more about what Copilot can do — and what it thinks it can, but really can’t!

I also found that the Zoho Bigin API doesn’t do OAuth in the most secure way. Some of the token parameters are sent via query string in the authentication process. This is not ideal (even if running over HTTPS). Tokens in URLs can be logged by:

Server logs
Browser history
Proxy and CDN logs
Referrer headers if the user clicks a link from the page.

In addtion URLs have length limits in some systems, risking truncation.

Always keep private data out of the query string and send it via POST payloads for security.

Share on

LinkedIn Bluesky

Building an SDK with Copilot (Video Series)

July 2, 2025 1 minute read

I have been using Copilot for VS Code for a while now, just on a curious/ad-hoc basis.

Current ChatGPT Setup

July 1, 2025 6 minute read

I don’t know where I grabbed this ChatGPT prompt instruction list from (I think LinkedIn), but I’ve been using it for a while and it has been working well fo...

Using groups in the console

June 19, 2025 4 minute read

Ah yes, console.log() - we use it more than we should, but it’s just so handy! But could we use it better when debugging loops in our code?

I guess I’m blogging now?

June 15, 2025 4 minute read

Hey! Looks like I’m going to attempt blogging again?

Greg Robson