hackerman

Results: 1127 comments of hackerman

While the PR is being worked on I will mark it as a draft. That declutters our review backlog :) Once you're done with your changes and would like someone...

I guess the problem with state is that it is purely user-set and we have no control over the randomness. Using it as the basis for defensive measures introduced server-side...

I see, thank you for the use case examples. That makes sense. If possible, I would like to use this PR to come up with a solution that works even...

You're right, also changing the cookie mechanism *should* not lead to many issues later on if we decide to change the CSRF approach, so this is certainly already an improvement...

Hey, this looks pretty good I think! We're currently freezing any pushes to master as we're working on v2.x and have a tremendous amount of merge conflicts which we want...

You can help by making this PR against branch v2.x, but I understand if that is too much work right now.

I don't think this would be compliant with OpenID Connect Dynamic Client Registration, right?

Sorry for not replying. This is possible when using JSON Web Keys (private_key_jwt auth), as you can register more than one JWK per client. It is an advanced flow, but...

Sorry, actually I noticed that we support this now in fosite. So it would be little work to add it here, if anyone is up for the challenge. First it...

Great find! That makes a lot of sense - we probably need to add an index for this too. Would you be willing to supply a PR for this? If...