Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: remove usage of agama_flow param in plugin #8741

Merged
merged 1 commit into from
Jun 20, 2024

chore: remove usage of agama_flow param #8735

23254d0
Select commit
Loading
Failed to load commit list.
Merged

chore: remove usage of agama_flow param in plugin #8741

chore: remove usage of agama_flow param #8735
23254d0
Select commit
Loading
Failed to load commit list.
DryRunSecurity / Authn/Authz Analyzer succeeded Jun 19, 2024 in 5s

DryRun Security

Details

Authn/Authz Analyzer Findings: 2 detected

⚠️ Potential Authn/Authz Function Used or Modified jans-casa/plugins/acct-linking/src/main/java/io/jans/casa/plugins/acctlinking/vm/SiteRedirectVM.java (click for details)
Type Potential Authn/Authz Function Used or Modified
Description The code includes the 'io.jans.casa.misc.WebUtils' class, which likely contains functions related to authentication or authorization. Additionally, the 'io.jans.as.model.util.Base64Util' class is included, which could be used for handling authentication-related data, such as tokens or credentials.
Filename jans-casa/plugins/acct-linking/src/main/java/io/jans/casa/plugins/acctlinking/vm/SiteRedirectVM.java
CodeLink

jans/jans-casa/plugins/acct-linking/src/main/java/io/jans/casa/plugins/acctlinking/vm/SiteRedirectVM.java

Lines 3 to 9 in 23254d0

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.core.JsonProcessingException;
import io.jans.as.model.util.Base64Util;
import io.jans.casa.conf.OIDCClientSettings;
import io.jans.casa.misc.Utils;
import io.jans.casa.misc.WebUtils;
⚠️ Potential Authn/Authz Function Used or Modified jans-casa/plugins/acct-linking/src/main/java/io/jans/casa/plugins/acctlinking/vm/SiteRedirectVM.java (click for details)
Type Potential Authn/Authz Function Used or Modified
Description The code contains a function makeOAuthParams that appears to be related to authentication or authorization. The function takes in parameters related to an OAuth client and a provider, and constructs a map of custom parameters that include the acr_values key. This suggests that the function is involved in an authentication or authorization flow, likely related to OAuth or OpenID Connect.
Filename jans-casa/plugins/acct-linking/src/main/java/io/jans/casa/plugins/acctlinking/vm/SiteRedirectVM.java
CodeLink

jans/jans-casa/plugins/acct-linking/src/main/java/io/jans/casa/plugins/acctlinking/vm/SiteRedirectVM.java

Lines 145 to 151 in 23254d0

Map<String, String> custMap = new HashMap<>();
if (provider != null) {
custMap.put("acr_values", "agama_" + als.CASA_AGAMA_FLOW + "-" + buildFlowParams(provider));
}
//prompt is needed because the user could have previously linked an account and in a new
View more details on DryRunSecurity