
fix: add state parameter for oauth2 #1512

Merged: 1 commit, May 13, 2020

Conversation

stregouet (Contributor):

The state parameter is recommended with OAuth2 authentication to mitigate CSRF attacks (see the Auth0 doc).
Hydra will throw the following error message if state is missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

closes #1511

The state parameter is recommended with OAuth2 authentication
to mitigate CSRF attacks (see [1]).
Hydra [2] will throw the following error message if state is
missing:

  description="The state is missing or has less than 8 characters and is therefore considered too weak" error=invalid_state hint="Request parameter \"state\" must be at least be 8 characters long to ensure sufficient entropy."

[1]: https://auth0.com/docs/protocols/oauth2/oauth-state
[2]: https://www.ory.sh/hydra/

Signed-off-by: Samuel Trégouët <samuel.tregouet@gmail.com>
@a60814billy (Member):

Thanks @stregouet !

@a60814billy a60814billy merged commit 54ab0a0 into hackmdio:develop May 13, 2020
@stregouet (Contributor, Author) commented May 14, 2020:

Thanks for reviewing and merging :)
Do you have any idea when it will be released?

@Yukaii Yukaii added this to the 2.1.0 milestone May 18, 2020
haslersn added a commit to haslersn/codimd-server that referenced this pull request Oct 18, 2020
haslersn added a commit to haslersn/codimd-server that referenced this pull request Oct 19, 2020
This is a port of: hackmdio/codimd#1512

Signed-off-by: haslersn <sebastian.hasler@gmx.net>
Linked issue closed by this pull request: oauth2 and hydra
3 participants