State parameter length issue when working with spring security oauth2 #267

pragkent · 2018-05-16T03:18:58Z

The default state generator of spring security oauth2 library generates state with length of 6 which is less than the MinParameterEntropy(which is 8). check code here

I wonder that if it's possible to adjust MinParameterEntropy? or make it configurable?

The text was updated successfully, but these errors were encountered:

aeneasr · 2018-05-16T09:33:42Z

Making it configurable would be an option

pragkent · 2018-05-23T02:52:40Z

Any thought of how to implement it?
My first thought was making MinParameterEntropy a variable instead of a const.

aeneasr · 2018-05-25T09:51:05Z

Yeah, just add a Fosite.GetMinParameterEntropy() function which returns either MinParameterEntropy, or - if set - the value of e.g. Fosite.MinParameterEntropy which can be set when initializing the struct.

mitar · 2020-08-13T06:16:16Z

I made #461 to address this.

Closes #267

mitar mentioned this issue Aug 13, 2020

feat: Allows configuring MinParameterEntropy #461

Merged

5 tasks

aeneasr closed this as completed in #461 Aug 21, 2020

aeneasr pushed a commit that referenced this issue Aug 21, 2020

feat: make MinParameterEntropy configurable (#461)

2c793e6

Closes #267

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

State parameter length issue when working with spring security oauth2 #267

State parameter length issue when working with spring security oauth2 #267

pragkent commented May 16, 2018

aeneasr commented May 16, 2018

pragkent commented May 23, 2018

aeneasr commented May 25, 2018

mitar commented Aug 13, 2020

State parameter length issue when working with spring security oauth2 #267

State parameter length issue when working with spring security oauth2 #267

Comments

pragkent commented May 16, 2018

aeneasr commented May 16, 2018

pragkent commented May 23, 2018

aeneasr commented May 25, 2018

mitar commented Aug 13, 2020