Daniel Nord
Daniel Nord
Add an anonymous endpoint over HTTP to send some basic meta information about the ForwardAuth application when starting. The payload of the request should be just some basic information to...
ForwardAuth should have a nice looking javascript frontend - use forwardauth rest backend as api. - dashboard view for status about events, s - display events from /events endpoint -...
Need a modern, nice looking design for http status code page * one status page that can be used for different kinds of status codes (400,401,403,404,500) * css, images and...
To stop redirecting to the login page of Auth0 when rest ajax clients does requests, check if the accept type of the request is application/json and just deny access instead...
To be able to use ForwardAuth as a central component for other services to look up user info a new endpoint Profile/Userinfo/User should be implemented. The endpoint should parse the...
Should delete Session Cookies (JWT_TOKEN and ACCESS_TOKEN) from browser to remove user session.
In the new version its mandatory to use JWT Access Token to be able to verify that the access token is valid and has not expired. This can only be...
After a token has been verified, it should be cached and reused. Verification of a token cost about 50ms, and two of them takes about 100ms for each request. After...
verify both tokens, and check that the sub fields is the same in both.
After asking for help on the Auth0 community board I get the following advice. https://community.auth0.com/t/how-to-verify-a-if-access-token/30840/2 I think its best and less error prone to just deny access to opaque tokens....