Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iss Response Parameter #26

Merged
merged 5 commits into from
Dec 23, 2020
Merged

iss Response Parameter #26

merged 5 commits into from
Dec 23, 2020

Conversation

leastprivilege
Copy link
Member

@leastprivilege leastprivilege commented Dec 7, 2020
edited
Loading

Adds support for the iss response parameter for authorization code flows. This helps clients mitigate the "AS Mix-up Attack".

https://www.ietf.org/archive/id/draft-meyerzuselhausen-oauth-iss-auth-resp-02.html

@leastprivilege leastprivilege added this to the 5.0.0 milestone Dec 7, 2020
@leastprivilege leastprivilege self-assigned this Dec 7, 2020
@leastprivilege leastprivilege linked an issue Dec 7, 2020 that may be closed by this pull request
Add iss response parameter #10
Closed
@leastprivilege
Merge branch 'main' into features/iss_response_parameter
a6c1cb4 
* main: (37 commits)
  updated DiscoveryResponseGenerator
  updated IdentityServerTools
  updated LogoutNotificationService
  updated DefaultTokenService
  updated KeyManager
  updated private_key_jwt validator
  updated JwtRequestValidator
  updated TokenValidator
  changed to async
  use msft json serializer (away from newtonsoft)
  fix xml comment
  add DI, adjust tests, add to validate request
  add interface + service
  add support for ui_locales on end session endpoint
  add property to include jti, move jto creation to CreateSecurityTokenAsync, and handle older tokens that do not have new property
  Update PULL_REQUEST_TEMPLATE.md
  Update PULL_REQUEST_TEMPLATE.md
  add PR template
  update codeql
  Update ci.yml
  ...
@leastprivilege
remove httpcontext accessor in favour of new IssuerName property
af3f655
@leastprivilege
add test to check code response parameters
be281b5
@leastprivilege leastprivilege merged commit a8e69bd into main Dec 23, 2020
@leastprivilege leastprivilege deleted the features/iss_response_parameter branch December 23, 2020 15:14
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 24, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@brockallen brockallen Awaiting requested review from brockallen

Assignees

@leastprivilege leastprivilege

Labels
new feature
Projects
None yet
Milestone
5.0.0
Development

Successfully merging this pull request may close these issues.

Add iss response parameter
1 participant
@leastprivilege