Stojan Dimitrovski
Stojan Dimitrovski
Hey yes this is a good suggestion. Though, we would probably use something like `listIdentitiesForEmailAddress` since email addresses do not always uniquely identify users.
@zekth Yes I agree with the JWK approach as I raised it previously too -- IMO we're bound to end up either using it or reinventing it. In general my...
> The content to be signed is still: {msg_id}.{timestamp}.{payload}. This in now HMAC256 with the consumer id (discussed above) instead of with the secret (done in the symmetric case), and...
> Do we want to propagate in the header some informations regarding the publickey or should it be defined by the spec from the producer? It's always a good idea...
> somoeone suggested the set method is only setting one cookie at a time... This could very well be the case. We're about to release 0.4.0 of `@supabase/ssr` in the...
Looks like this is a bug in the underlying library, the `EntityDescriptor` type correctly parses the `Duration` but not the `EntitiesDescriptor` (plural!): https://github.com/crewjam/saml/blob/main/metadata.go#L30-L103 Will take a while to fix given...
Proposed a fix: https://github.com/crewjam/saml/pull/575
If we don't see any movement on this in the library, the only option we have is to essentially fork.
Would prefer if the name for the Firebase scrypt be `fbscrypt` instead of `scrypt`.
Let's rename the title to WebAuthn, not FIDO2.