codimd

History

Samuel Trégouët 6ff6d215ab fix: add state parameter for oauth2 state parameter is recommended with oauth2 authentification to mitigate CSRF attacks (see [1]). hydra [2] will throw the following error message if state is missing: description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy." [1]: https://auth0.com/docs/protocols/oauth2/oauth-state [2]: https://www.ory.sh/hydra/ Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>	2020-05-11 15:59:49 +02:00
..
index.js	fix: add state parameter for oauth2	2020-05-11 15:59:49 +02:00
strategy.js	Support avatar for OAuth users	2020-03-12 13:48:18 +08:00

Samuel Trégouët 6ff6d215ab fix: add state parameter for oauth2

state parameter is recommended with oauth2 authentification
to mitigate CSRF attacks (see [1]).
hydra [2] will throw the following error message if state is
missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request
 parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/

Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>

2020-05-11 15:59:49 +02:00

index.js

fix: add state parameter for oauth2

2020-05-11 15:59:49 +02:00

strategy.js

Support avatar for OAuth users

2020-03-12 13:48:18 +08:00