Márk Sági-Kazár
1cc26fab2f
Merge pull request #2468 from flant/cwe-79-device-code
...
fix: prevent cross-site scripting for the device flow
2022-06-30 22:52:33 +03:00
Shivansh Vij
cbf158bcc0
Fixes https://github.com/dexidp/dex/issues/2537
...
Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>
2022-05-26 15:49:49 -04:00
m.nabokikh
3d5a3befb4
fix: prevent cross-site scripting for the device flow
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-05-20 18:26:49 +04:00
m.nabokikh
dea1d3383c
Deprecation warning log message
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-24 19:40:28 +04:00
m.nabokikh
3bd0e91a68
Make /device/token deprecation warning more concise
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-25 11:53:25 +04:00
m.nabokikh
9ed5cc00cf
Add deprecation warning for /device/token endpoint
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-24 17:14:28 +04:00
m.nabokikh
1211a86d58
fix: use /token endpoint to get tokens with device flow
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-24 16:03:25 +04:00
Márk Sági-Kazár
1c551fd86b
Merge pull request #1946 from flant/prealloc-unparam-sqlclosecheck
...
Enable unparam, prealloc, sqlclosecheck linters
2021-02-10 13:24:47 +01:00
m.nabokikh
a7978890c7
Add Cache-control headers to token responses
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-01-18 11:13:28 +04:00
m.nabokikh
b2e9f67edc
Enable unparam, prealloc, sqlclosecheck linters
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-01-15 19:29:13 +04:00
m.nabokikh
1d83e4749d
Add gocritic
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2020-10-18 01:54:27 +04:00
justin-slowik
9a7926c19b
Cleaned up Device Flow test log levels
...
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
Remove extraneous "=" from conformance.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Additional test for TestHandleDeviceCode
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
2020-07-21 16:01:08 -04:00
justin-slowik
9882ea453f
better support for /device/callback redirect uris with public clients.
...
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
2020-07-08 16:25:06 -04:00
Justin Slowik
9c699b1028
Server integration test for Device Flow ( #3 )
...
Extracted test cases from OAuth2Code flow tests to reuse in device flow
deviceHandler unit tests to test specific device endpoints
Include client secret as an optional parameter for standards compliance
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
2020-07-08 16:25:05 -04:00