auth0-golang-web-app

auth0-golang-web-app copied to clipboard

bumping go to 1.19 in order to run sample app

tyfrth

In go.mod, the requested version of go should be: go 1.18 It is currently: go 1.16 Currently with the instructions, and without the fix, this is the result of "go...

jyeager-dusty

Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.2.0 to 3.4.0. Release notes Sourced from github.com/coreos/go-oidc/v3's releases. v3.4.0 What's Changed oidc: add Config.InsecureSkipSignatureCheck by @​ericchiang in coreos/go-oidc#351 Full Changelog: https://github.com/coreos/go-oidc/compare/v3.3.0...v3.4.0 v3.3.0 What's Changed feat: export...

dependabot[bot]

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.15.0 to 0.19.0. Commits d0e617c google: add Credentials.UniverseDomainProvider 3c9c1f6 oauth2/google: fix the logic of sts 0 value of expires_in 5a05c65 oauth2/google: fix remove content-type header from idms...

dependabot[bot]

Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.9.0 to 3.10.0. Release notes Sourced from github.com/coreos/go-oidc/v3's releases. v3.10.0 What's Changed fix minor typo by @​bgerrity in coreos/go-oidc#414 updated github actions by @​ericchiang in coreos/go-oidc#419 add...

dependabot[bot]

Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.1 to 3.0.3. Release notes Sourced from github.com/go-jose/go-jose/v3's releases. Version 3.0.3 Fixed Limit decompression output size to prevent a DoS. Backport from v4.0.1. Version 3.0.2 Fixed DecryptMulti:...

dependabot[bot]

Run the tests from [auth0-samples/spa-quickstarts-tests](https://github.com/auth0-samples/spa-quickstarts-tests) in GitHub actions. Similar to what we have done in the Auth0 org this is done using a reusable workflow that (in theory) can be...

ewanharris

Add PKCE (RFC 7636)

1

OAuth 2.0 security best current practice draft recommends using PKCE: https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-22.html#section-2.1.1-2.2.1 There is [a feature request](https://github.com/golang/oauth2/issues/603) to integrate PKCE into [golang.org/x/oauth2](https://pkg.go.dev/golang.org/x/oauth2), but currently no native support.

eikemeier

Update codeowner file with new GitHub team name

stevenwong-okta