Cubicroot
Sure created https://github.com/pushbits/server/pull/29
> Regarding the longterm tokens you'd like to add, what are the high-level steps we need to implement this? I think we need to make a Handler that simply calls...
I'd like to open a discussion about error messages. Currently all authentication-related errors will be displayed as internal server errors to the client with a generic error message. The...
> Is that so the errors are more consistent or is there another issue I'm overlooking? If the former is the case, happy to use other error codes. Only thing...
> Errors are currently very consistent - always HTTP 500 - I'd like to at least change that to a 403 or maybe just reenable the built-in error handler...
We should add ~~state~~ and challenge parameters to further secure the authentication and add a config option to restrict the redirect url. Edit: state is already implemented - challenge not....
> > > We should add ~state~ and challenge parameters to further secure the authentication and add a config option to restrict the redirect url. > > Edit: state is...
Please add some documentation and examples. It really is a blind trial and error what I am doing currently.
> the request can't be edited before sending it to fuzzer coming from Burp Suite I really miss that feature. > which in brute force attack it may block username...
> Hmm, I've just tried the latest version, and got sent to the top on refresh. Maybe it regressed again? Can confirm, same here in v1.1.3, worked previously.