codimd/lib/auth
Samuel Trégouët 6ff6d215ab fix: add state parameter for oauth2
state parameter is recommended with oauth2 authentification
to mitigate CSRF attacks (see [1]).
hydra [2] will throw the following error message if state is
missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request
 parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/

Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>
2020-05-11 15:59:49 +02:00
..
bitbucket refactor: remove web folder 2020-01-06 14:19:02 +08:00
dropbox refactor: remove web folder 2020-01-06 14:19:02 +08:00
email prevert directly call of User.hashPassword() 2020-04-20 00:04:13 +08:00
facebook refactor: remove web folder 2020-01-06 14:19:02 +08:00
github refactor: remove web folder 2020-01-06 14:19:02 +08:00
gitlab refactor: remove web folder 2020-01-06 14:19:02 +08:00
google feat: support hostedName in google OAuth 2.0 provider 2020-02-28 17:53:04 +08:00
ldap refactor: change errorBadRequest function signature to avoid parameter passing error 2020-02-26 11:22:59 +08:00
mattermost refactor: remove web folder 2020-01-06 14:19:02 +08:00
oauth2 fix: add state parameter for oauth2 2020-05-11 15:59:49 +02:00
openid refactor: remove web folder 2020-01-06 14:19:02 +08:00
saml refactor: remove web folder 2020-01-06 14:19:02 +08:00
twitter refactor: remove web folder 2020-01-06 14:19:02 +08:00
index.js refactor: remove web folder 2020-01-06 14:19:02 +08:00
utils.js refactor: remove web folder 2020-01-06 14:19:02 +08:00