New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IClientDescription should allow for hashed client secrets #92

Closed
AArnott opened this Issue Mar 15, 2012 · 2 comments

Comments

Projects
None yet
1 participant
@AArnott
Member

AArnott commented Mar 15, 2012

The IClientDescription.Secret property denies authorization servers the possibility of storing hashes of client secrets. We could change that to an IClientDescription.IsValidSecret(string) method so that the hosting server can choose any validation routine they'd like.

@ghost ghost assigned AArnott Mar 15, 2012

@AArnott

This comment has been minimized.

Show comment
Hide comment
@AArnott

AArnott Mar 18, 2012

Member

Ah, but do this in such a way that it's easy to do it right, considering we would want a constant time string equality check inside that IsValidSecret method.

Member

AArnott commented Mar 18, 2012

Ah, but do this in such a way that it's easy to do it right, considering we would want a constant time string equality check inside that IsValidSecret method.

@AArnott

This comment has been minimized.

Show comment
Hide comment
@AArnott

AArnott Apr 1, 2012

Member

I'm whipping this up today.

Member

AArnott commented Apr 1, 2012

I'm whipping this up today.

@AArnott AArnott closed this in cc78ccd Apr 1, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment