Tobias Bengfort

Results 130 issues of Tobias Bengfort

1 digit codes are obviously insecure, yet `mauth` will happily accept them. The spec is unfortunately unclear about what to do in those cases. I propose to flag them as...

enhancement

### Reduced Test Case https://files.ce9e.org/fullcalendar-csp.html ### Do you understand that if a reduced test case is not provided, we will intentionally delay triaging of your ticket? - [X] I understand...

Confirmed
Distribution
Alt Environment

### Reduced Test Case https://codepen.io/xi-the-bashful/pen/KwKXmmd ### Do you understand that if a reduced test case is not provided, we will intentionally delay triaging of your ticket? - [x] I understand...

Confirmed
Theme

### Issue Description May be related to #100. After some time after the login, I get logged out with the message "OAuth: An error occured during the request to the...

bug

Another step towards fixing #161: This implements the `code_challenge` parameter as recommended/required by [OAuth 2.1](https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html#name-authorization-request). For now, `getCodeChallengeMethod()` always returns `null`. It is up to the specific provider implementation to...

depends on https://github.com/dokuwiki/dokuwiki/pull/4388

As a first, simple step to fix #161, I propose to enable the state parameter by default. In contrast to `nonce` and `code_challenge`, it is already implemented in lusitanian/oauth. `state`...

### Issue Description [OAuth 2.1](https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-12.html#name-preventing-csrf-attacks) requires that there is CSRF protection by using `state`, `nonce`, `code_challenge`, or a combination of those. It recommends to use at least `code_challenge`.

bug

This plugin uses the email address as a primary identifier, which leads to multiple issues (e.g. #126). The writers of the OpenID Connect (OIDC) spec also figured that this was...

enhancement

I looked at RDMO from an accessibility perspective and found some issues. For now I just collected all findings in this issue, but feel free to split this up into...