Warren Parad

Results 130 comments of Warren Parad

_I wrote a lot of other things here, but I think it would be more helpful to jump to an actual concrete proposal:_ And it's important to first agree on...

> I don't think a thing like DBSC can take off unless it is realistically deployable within such existing real-world constraints. For settings where you can do anything you want...

OAuth2 works with the following required user-device server communication:
* Start Authentication Request (canonically `/authorize` endpoint) - Receives a one-time-use code and ~5 other custom properties
* Complete...

> It's not used at all in the Browser-based OAuth 2 Client architecture, which is vulnerable to refresh token and access token theft, and if you're concerned about those, then...

Obviously (1) is what DBSC is designed as a countermeasure for. But it isn't clear what you mean by your (2). Can you expand on how you would expect this to happen? >...

DBSC prevents exfiltrated cookies from having any value, so session hijacking is exactly what DBSC prevents, since the cookies are no longer usable and there will be no way* to...

The proposal is to amend how cookies would be utilized: historically, the session cookie would be very long lived, and stealing it would mean an attacker could steal the generation...

It works for me using USB, sometimes, it is really flaky, but Bluetooth never works it seems.

@stefinie123, I didn't find any good way to modify the theming of the components available in swagger-ui. That is one of the reasons why we switched libraries to one like...

302 feels right, but may cause the wrong things to happen in browsers/clients that handle this differently. Since the DBSC process starts authentication, wouldn't it make sense that the www-authenticate...