Felix B. Bause

The frontend reacts here: https://github.com/teamhanko/hanko/blob/5693c90077a2ea4e332f76a679afecab32d6aa81/frontend-sdk/src/lib/client/PasscodeClient.ts#L99 I don't see a big problem going forward with this.

> > The frontend reacts here: > > https://github.com/teamhanko/hanko/blob/5693c90077a2ea4e332f76a679afecab32d6aa81/frontend-sdk/src/lib/client/PasscodeClient.ts#L99 > > > > I don't see a big problem going forward with this. > > If the handler no longer...

To make this work we would have to: * change the backend config to include a parameter for the cookie name https://github.com/teamhanko/hanko/blob/87a4003bae7d866d5a5b3674d4444705f331a604/backend/config/config.go#L162 * return the cookie name in the PublicConfig...

Hey Matthew, thanks for your contribution. You are right, returning a 404 in this case goes in the direction of an account enumeration. Just checking in on @bjoern-m: Does the...

Closing due to inactivity.

The Passcode init endpoint can now be protected with some basic fixed-window rate limiting which combines user-id and IP.

Hi Ferdinand, thanks for your contribution and sorry we didn't answer earlier on the discussion. We talked about this and think that right now we don't want to support OIDC...

We recently had a talk about this and imagined a somehow hybrid approach: Give out a server stored session/refresh token and a short lived JWT session. This way relaying-party backend...

Have you tried out https://github.com/nuxt-modules/hanko yet?

Hey Darren. Thanks for this in depth analysis! I think the initial way of thinking was that you don't remove anything out of the config but always add more keys...