Introduction This is a Draft RFC Specification for Graph QL, a query language created by Facebook in 2012 for describing the capabilities and requirements of data models for client‐server applications. Graph QL is a new and evolving language and is not complete.
Significant enhancement will continue in future editions of this specification.
It leverages experiences in the development of the SANS Top 20 attack vectors ( and MITRE's Common Weakness Enumeration (CWE) (
First, you will need to register your application with your Azure Active Directory (Azure AD) tenant.
This will give you an Application ID for your application, as well as enable it to receive tokens. In this request, the client indicates the permissions it needs to acquire from the user.
Some such comments indicate the reporting category defined in the XML specification.
Some low-fidelity processor APIs don't expose recoverable errors, which can make validation work awkward.
Copyright notice Copyright (c) 2015‐2017, Facebook, Inc. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped.The OAuth 2.0 authorization code flow is described in section 4.1 of the OAuth 2.0 specification.It is used to perform authentication and authorization in most application types, including web apps and natively installed apps.Azure Active Directory (Azure AD) uses OAuth 2.0 to enable you to authorize access to web applications and web APIs in your Azure AD tenant.