pingone-sample-custom-signon

pingone-sample-custom-signon copied to clipboard

Bumps [terser](https://github.com/terser/terser) from 4.6.10 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) v4.8.0 Support for numeric separators (million...

dependabot[bot]

Bumps [terser](https://github.com/terser/terser) from 4.6.10 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) v4.8.0 Support for numeric separators (million...

dependabot[bot]

Is the documentation updated?

1

I was trying to follow the README.md under pingone-sample-custom-signon/react/ to run the code. And found the documentation seems not maintained: 1. In Getting Started section, it is saying clone the...

artecher

react-auth-client doesn't include example support for using refresh tokens to get a new access token.

yhamade

react-auth-client does not support PKCE and requires client secret to be coded into the application. This is considered an insecure method of authentication for untrusted clients, such as single page...

yhamade

The jwt_verifier.js does not check to see if the token has been revoked by the IDP. It only checks for valid signature. Please consider adding token revocation checking as a...

yhamade

The included jwt_verifier.js requires that the JWKS URL provide the certificate in x509 format (x5c attribute). PingFederate may not provide this attribute. Instead you may consider implementing the "jwks-rsa" module...

yhamade

hkrop

react-auth-client does not support tokenEndpointAuthMethod: "none"

1

Token call passes the Authorization: Basic header if tokenEndpointAuthMethod is not client_secret_post

csavory

need a better example of config.js for react client. able to setup react-auth-client without issue but confused by react client

aphuang2013