Chris Barth
Chris Barth
@ahacker1-securesaml and @srd90 , have a look at the latest code I pushed. It is linted and tested and has updated comments to reflect our discussion here. I'm content to...
@ahacker1-securesaml , just one more thought. We have `getReferences()` as a function that simply returns an array to make sure that no consumer of the library can write to that...
@ahacker1-securesaml and @srd90 , are we all good now?
@ahacker1-securesaml or @srd90 , just so I make sure I'm not missing anything, can you comment on the subtle differences between the new `.getSignedReferences()` API and the previously recommended technique...
I'll turn my attention back to `node-saml` then. So then, `getReferences()` shouldn't have been deprecated?
I'm not sure I fully understand. If the `.reference` contains non-canonical data that is potentially dangerous, why would we say they can use it at all? Are you referring to...
Ok, and the _only_ reason I care about this library is for SAML applications, like `node-saml`. I don't want to ship `node-saml` where during its normal, expected, runtime operations, it...
@ahacker1-securesaml , it may be quicker for you, but it is extra maintenance burden for me and sends the message that we still support those older versions. I'm not going...
Thank you very much for your contribution. Can you please include tests?
@kaibernhard , your proposed tests 1-4 seem very reasonable. Basically, we just want to make sure there is some code coverage to make sure that future modifications to the code...