3

I have my own login concept on Laravel. Now I want to make it a third-party login solution, so I have to understand many things. So please tell me:

Why do we always pass the authentication token in the header of GET and POST methods?

Why not directly in the URL (query string)?

What are the advantages and disadvantages of this?

pankaj
  • 1
  • 17
  • 36

2 Answers

1

Passing parameters in the URL is subject to risk. Imagine you are behind a firewall/proxy that logs traffic; an attacker can grab the token and do whatever they want with it.

See also this Stack Overflow post.

Max
  • 6,821
  • 3
  • 43
  • 59
1

In addition to Max's answer, see this OWASP article, which mentions some more details on why putting sensitive information into query parameters is not a good idea:

https://www.owasp.org/index.php/Information_exposure_through_query_strings_in_url

Regarding your question of why you'd better put this information into a header, or rather what the disadvantage (or better: threat) of putting it into the URL is:

This allows attackers to obtain sensitive data such as usernames, passwords, tokens (authX), database details, and any other potentially sensitive data. Simply using HTTPS does not resolve this vulnerability.

Jan Köhler
  • 5,817
  • 5
  • 26
  • 35
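Both answers come down to the same point: a token in the query string is written to access logs and proxy logs (and forwarded in the Referer header), while a token in an `Authorization` header is not. The following is an added example, not code from either answer: a small Python check that scans constructed access-log lines for sensitive query parameters and a redaction helper for a logging pipeline. The list of parameter names in `SENSITIVE_PARAMS` and the log lines are assumptions made up for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names that should never appear in a URL. Assumption: a starting
# list; extend it with the names your own application uses.
SENSITIVE_PARAMS = {"token", "access_token", "api_key", "apikey", "auth",
                    "password", "secret"}

# Combined log format:
# client - user [time] "METHOD target HTTP/x" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) '
    r'[^"]*" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$')

# Constructed sample lines: one token in the request URL, one clean request
# (token was sent in the Authorization header, so nothing is logged), and one
# token leaking through the Referer of a later page load.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /api/user?token=eyJhbGciOi '
    'HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.7 - - [10/Oct/2023:13:55:40 +0000] "GET /api/user HTTP/1.1" 200 512 '
    '"-" "curl/8.0"',
    '10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /dashboard HTTP/1.1" 200 2048 '
    '"https://app.example/login?access_token=abc123" "Mozilla/5.0"',
]


def sensitive_params(url):
    """Return the sorted names of sensitive parameters in url's query string."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sorted({k for k, _ in pairs if k.lower() in SENSITIVE_PARAMS})


def find_leaked_tokens(log_lines):
    """Report every request URL or Referer that carries a sensitive parameter."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for field in ("target", "referer"):
            names = sensitive_params(m.group(field))
            if names:
                findings.append({"client": m.group("client"),
                                 "field": field, "params": names})
    return findings


def redact_url(url):
    """Mask sensitive query values so a URL can be logged safely."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(pairs)).geturl()
```

Run `find_leaked_tokens(SAMPLE_LOG)` to see that only the two query-string requests are flagged; the header-based request on the second line leaves nothing to find.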