Lauritz

Results: 9 issues of Lauritz

**Attention**: The `XmlFullSignature` operation is vulnerable to XXE. This has the following implications: 1) Depending on your use case of *CSTC*, you are directly vulnerable to this attack. E.g. if...

Disable external entities (https://github.com/usdAG/cstc/issues/69).

It would be great if `jwt_tool` supported encrypted JWT variants as described in https://datatracker.ietf.org/doc/html/rfc7519#appendix-A. At the very least, it would be great if the JOSE header were parsed...

* Parse provided fragment
* Scan "query parameters" of fragment if present

enhancement

There are further methods that should be investigated and, if suitable, added to the "-g" feature flag. Example: https://twitter.com/bemodtwz/status/1634264844013543451?

enhancement

In [Section 5.2.1.1.](https://github.com/aaronpk/oauth-v2-1/blob/main/draft-ietf-oauth-v2-1.md#authorization-request-header-field) the syntax of `access_token` values that are used in the context of HTTP headers is explicitly outlined as follows: `b64token = 1*( ALPHA / DIGIT /...`

This pull request adds two workflows:
* **FindSSO**: Highlights requests that are likely associated with SSO flows
* **EvalSSO**: Add findings for basic analysis results of OAuth/OIDC SSO flows (for...

https://github.com/robsontenorio/laravel-keycloak-guard/issues/118 Hey there! This is my first try to contribute to this project. Please note that for some reason my test does not work yet. Apparently, even though I added...

Hey there! We recently had a use case where we wanted to use HttpOnly Cookies to transfer the Keycloak JWT instead of the `Authorization` header. The modifications to achieve that...