Leo

icon company @CorrelAid icon location Berlin icon location Data4Gooder @CorrelAid they/he

Results 12 issues of Leo

investigate auth0

see https://github.com/curso-r/auth0 maybe we could do something similar for sealr.

strategy::auth0

Best practices / considerations in docs

we should add a section to the docs with best practices / considerations. Topics: - local storage vs cookies. - XSS / CSRF - SQL injection

documentation

investigate github oauth

1 comment

strategy::github

Example application

develop an example application - locally - deploy

priority::medium
exampleapp

allow custom return function instead of 401

priority::low

CSRF

best practices for browser apps: https://developers.google.com/identity/work/saas-browser-apps General issue: CSRF attacks warnings to docs

JWT - more than 2 filters example

5 comment

maybe we can do mulitple filters to allow for more granular authorization? idea: - in authenticate route, add a "scope" to claims - one filter for general scope - one...

strategy::jwt
blocked

use rlang errors instead of base errors

rlang errors provide a better backtrace compared to base errors. https://www.tidyverse.org/articles/2018/10/rlang-0-3-0/

type::enhancement
priority::low

Sessions - session tokens

for backlog.

priority::low
strategy::sessions

Include WWW-Authenticate header in 401 response

3 comment

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate as per RFC 2616, we should include a WWW-Authenticate header in the 401 response. " The request requires user authentication. The response MUST include a WWW-Authenticate header field (section...

good first issue
priority::low