Jasper Siepkes

**Is your feature request related to a problem? Please describe.** Currently it is possible to retrieve an `access_token` in OpenBao but not to extend it's lifetime in a OAuth2 /...

**Is your feature request related to a problem? Please describe.** I think (unless I'm missing something here) in it's current state it is very hard to securely use OpenBaos OIDC...

Verify (and possible mirror) NPM installers

3

As discussed in #24 the `openam-ui-ria` project pulls in an NPM installer via a Maven plugin. We need a way to verify the NPM installer we downloaded. This might require...

Verify (and possible mirror) PhantomJS download

1

Somewhat related to #26. `openam-ui-ria` also manually pulls in PhantomJS with the `frontend-maven-plugin` plugin. Need to look in to how we can verify this download and possible mirror it. To...

Bypassing user consent with 'prompt=none' does not work

2

When trying to suppress the OAUTH2 user consent page with the `prompt=none` as an argument with the Authorization Request AM still returns a `interaction_required` error. `prompt=none` is part of the...

Evaluate and fix issue known to OpenAM as #201801-04

1

Since we share a common heritage with OpenAM the issue described [here](https://backstage.forgerock.com/knowledge/kb/article/a31060891) as "Issue #201801-04: Open Redirect" probably affects wren:AM too. We need to evaluate if and how this issue...

Since we share a common heritage with OpenAM the issue described [here](https://backstage.forgerock.com/knowledge/kb/article/a31060891) as "Issue #201801-12: Content Spoofing Vulnerability" probably affects wren:AM too. We need to evaluate if and how this...

Since we share a common heritage with OpenAM the issue described [here](https://backstage.forgerock.com/knowledge/kb/article/a31060891) as "Issue #201801-11: Business Logic Vulnerability" probably affects wren:AM too. We need to evaluate if and how this...