Michael Schwartz
The name `API Resource Server Client` is not accurate... this is actually the client for the oxTrust API if it is using UMA for protection. It should be re-named `oxTrust...
 The Gorn protects the TUI... but he can't be everywhere at once. There is a 5% chance when you start the TUI that you will have to kill the...
See https://bitbucket.org/openid/fapi/pull-requests/365 Mitigations 1 and 2 look like good options, activated via feature flag. ``` ### DPoP Proof Replay An attacker of type A7 (see [@attackermodel]) may be able to...
During installation we create two clients to facilitate testing and development: `api-rp.p12` and `scim-rp.jks`. The information should be randomly generated, displayed at the end of the installation process, and...
It's inevitable that people will use our sample creds in production, so let's make sure that all sample keystores have random and long passwords (i.e. not `secret`).
To make Jans easy to learn, we add a bunch of sample clients, scripts, and other configuration (for example a sample custom attribute). We should have a setup option for...
While viewing a client in the TUI, the admin is able to export this client's data (minus secret) to a file. This could be handy to share the client configuration...
Response Type `none` is specified in [OAuth 2.0 Multiple Response Type Encoding Practice](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#none)
* In the UI, it would be nice if we had an attribute like `jansClientGroup` so we could "group" clients in the UI.
* Perhaps we should add an extra...
I see these properties in the Admin UI and it makes me wonder if the property names need to be updated in Jans.