Comments (4)
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
I think this is still relevant, though I'm not sure how many people are using the provider. @timothy-spencer do you have any time to implement a fix for this?
from oauth2-proxy.
There might be a couple of folks using it, but truthfully, it's probably mostly me. :-)
I am currently engaged in other work, but may have some time coming up in a month or so to dig into this. I remember when I created this issue that it looked like it would require a lot of restructuring to do, so I think i was hoping for somebody with a bit more authority to change the architecture to build or point out a more general system for getting a per-session nonce.
It's definitely an improvement that would make things more secure, so it is still relevant. Anyways, I'll see if I can get some time to look into this soon. Thanks for the ping!
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
Related Issues (20)
- [Support]: Synology basic reverse proxy and sso server => oauth2-proxy => another docker application to protect by auth HOT 1
- [Support]: Getting CRSF cookie or cookie limit 4kb error HOT 2
- [Feature]: auto refresh token HOT 5
- "403: You do not have permission to access this resource." but only for some users HOT 1
- [Bug]: Docs - htpasswd-file description does not mention SHA1 encryption HOT 2
- [Bug]: 500 (Internal Server Error) on invalid cookie
- [Bug]: Infinite loop if the Csrf cookie is set twice
- [Support]: nginx + oauth2-proxy, logout configuration
- [Feature]: options for add files in /oauth2/static/ HOT 4
- [Feature]: Guides for rauthy and/or authelia
- [Bug]: Unable to use hyphen in JSON path for oidc-groups-claim option
- [Bug]: Invalid authentication via OAuth2 via Github for the owner of the organisation HOT 6
- [Bug]: Possible typo in source code for static upstreams HOT 2
- [Bug]: Incomplete source of request urls for skip_auth_routes feature
- [Bug]: Redirect after second google login to home page not working
- [Support]: 401 Authorization Required even finished authentication HOT 1
- [Feature]: use username (or any other attribute from the provider) in basic auth header instead of the ID
- [Feature]: JWT validation only mode HOT 7
- [Bug]: An invalid redirect to a non-whitelisted domain creates a valid session cookie after redirecting to "/"
- Pass bearer token to the backend with nginx
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-proxy.