identity-oidc-sinatra

Example OpenID Connect relying party as a Sinatra app

Results 26 identity-oidc-sinatra issues

🛑 -- DO NOT MERGE- WAITING ON DEPENDENCY -- 🛑 All items in list must be complete before this can be merged: - [ ] Ensure [dependency](https://github.com/18F/identity-idp/pull/10618) has been merged...

do not merge

This PR contains all the code updates to move Circle-CI jobs to [Gitlab pipeline](https://gitlab.login.gov/lg/identity-oidc-sinatra/-/pipelines/109054)

Bumps [rexml](https://github.com/ruby/rexml) from 3.2.5 to 3.2.8. Release notes Sourced from rexml's releases. REXML 3.2.8 - 2024-05-16 Fixes Suppressed a warning REXML 3.2.7 - 2024-05-16 Improvements Improve parse performance by using...

dependencies
ruby

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.5. Release notes Sourced from nokogiri's releases. v1.16.5 / 2024-05-13 Security [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information. Dependencies...

dependencies
ruby

I noticed this while debugging https://github.com/18F/identity-loadtest/issues/40

```
App 17118 output: 2021-07-08 23:29:15 - JWT::DecodeError - Nil JSON web token:
App 17118 output: /srv/sp-oidc-sinatra/shared/bundle/ruby/2.6.0/gems/jwt-2.1.0/lib/jwt.rb:26:in `decode'
App 17118 output: /srv/sp-oidc-sinatra/releases/20210707225430/app.rb:209:in `userinfo'
App...
```

```
Redirect uri redirect_uri does not match registered redirect_uri
```

## Steps to reproduce

1. Go to https://sp-oidc-sinatra.int.identitysandbox.gov
1. Log in
1. View "Success page"
1. Hit the "Log out"...

The app is entirely stateless and doesn't check the state or nonce parameters to double check that a received login request actually originated with this sample app. As a result,...

Currently sp-oidc-sinatra uses the hardcoded demo key in all environments, including when deployed in EC2. This is a low-impact vulnerability today since it could only be used to forge login...

bug
security

Bumps [rexml](https://github.com/ruby/rexml) from 3.2.5 to 3.3.6. Release notes Sourced from rexml's releases. REXML 3.3.6 - 2024-08-22 Improvements Removed duplicated entity expansions for performance. GH-194 Patch by Viktor Ivarsson. Improved namespace...

dependencies
ruby

Issue: https://gitlab.login.gov/lg-people/lg-people-appdev/Melba/backlog-fy24/-/issues/22