David Crome
David Crome
I think we just need to follow the migration guide: https://circleci.com/docs/2.0/migrating-from-1-2/
The compliance with the SCIM [core schema](https://tools.ietf.org/html/draft-ietf-scim-core-schema-22) and [api](https://tools.ietf.org/html/draft-ietf-scim-api-19) spec needs to be checked. This issue invites everyone to check the spec against our implementation in [osiam](https://github.com/osiam/osiam). The following incompatibilities...
Moved from https://github.com/osiam/auth-server/issues/7: @tkrille wrote: > 30 minutes is not enough for most of the use cases. Session timeout MUST be configurable. @dacrome wrote: > This fruit hangs so low,...
Moved from https://github.com/osiam/resource-server/issues/47 @thomasdarimont wrote: > The section about Service Provider Configuration Endpoints of the [SCIM Specification](https://tools.ietf.org/html/draft-ietf-scim-api-19#section-4) describes a `/Schemas` endpoint that enables clients to discover the list of supported...
Specific users (e.g. users with a specific role) should be able to administrate the users and groups of OSIAM. This should be done with the integration of the [addon-administration](https://github.com/osiam/addon-administration). The...
Moved from https://github.com/osiam/resource-server/issues/29: At this time the resource server is using a custom AOP aspect to measure the time a method is running (org.osiam.resources.helper.MeasureDurationTimeOfMethods). This should be replaced with Metrics'...
Moved from https://github.com/osiam/resource-server/issues/6: one should be able to define password constraints at configuration/deployment time. we should start with minimal length constraints and add something like character classes later on. constraints...
Moved from https://github.com/osiam/resource-server/issues/46: @thomasdarimont wrote: > The section about Service Provider Configuration Endpoints of the [SCIM Specification](https://tools.ietf.org/html/draft-ietf-scim-api-19#section-4) describes a `/RessourceTypes` endpoint that enables clients to discover the list of supported...
Moved from https://github.com/osiam/auth-server/issues/75: @mley: Missing logging if redirect_uri from oauth request does not match the client's redirect_uri in the database. If the redirect uris do not match, the user is...
Moved from https://github.com/osiam/auth-server/issues/68: @tkrille: Endpoints like `access_confirmation`, `oauth/authorize`, etc. should be protected against CSRF. Spring Security has native support for that. First step would be to gather all endpoints that...