Skip to content

Enhance: refactoring code to address security #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ibuildthecloud merged 2 commits into from
Aug 25, 2025
Merged

Enhance: refactoring code to address security #12

ibuildthecloud merged 2 commits into from
Aug 25, 2025

Conversation

@StrongMonkey
Copy link
Contributor

@StrongMonkey StrongMonkey commented Aug 25, 2025
edited
Loading

  • Generate key-pair state value so that actual state req data are opaque to end user
  • Bring back token_endpoint_auth_method to support none and client_secret_post
  • Make sure encryption is working e2e
  • Use raw url encoding to generate token
  • Centralized load method to load all env variables needed
  • UserInfo is optional when profile and email scopes are missing

@StrongMonkey
Enhance: refactoring code to address security
5810dd2 
Signed-off-by: Daishan Peng <daishan@acorn.io>
ibuildthecloud
ibuildthecloud reviewed Aug 25, 2025
View reviewed changes
@StrongMonkey
Address comment
88dc411 
Signed-off-by: Daishan Peng <daishan@acorn.io>
@ibuildthecloud ibuildthecloud merged commit 0f634ac into master Aug 25, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ibuildthecloud ibuildthecloud ibuildthecloud left review comments

@thedadams thedadams Awaiting requested review from thedadams

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@StrongMonkey @ibuildthecloud