-
I'm encountering difficulties accessing the security tokens required for our GitHub Actions workflow. Specifically, I do not have the necessary permissions to retrieve security tokens, such as GITHUB_…
-
Consider supporting temporary credentials as supplied by the IAM Instance Role functionality. This requires passing an additional Security Token field to the API:
http://docs.aws.amazon.com/STS/latest…
-
While discussing an [issue relating to OPDS Authentication](https://github.com/edrlab/thorium-reader/issues/2512) it was mentioned that OPDS Clients should be storing authorization tokens against the …
-
While writing documentation in #858 , I thought that the token model is a bit strange.
Tokens are good when used in invitation links: people can connect without knowing the private code, and so the…
zorun updated
2 years ago
-
Passwords are hashed In DB. I think it's good to hash also request tokens and publik link tokens in case of a database breach.
Just need to send the original string to the user before it's hashed. Th…
-
## Description
This task involves integrating the Reset Password API within the Policy Portal. The Reset Password API will allow users who have forgotten their passwords to securely reset them and re…
-
To address BCPs from https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps#name-application-architecture-pa a suggestion is to add the following verifications. Note that this addre…
-
**Github username:** --
**Twitter username:** --
**Submission hash (on-chain):** 0x297c86451bc9a40e8c4654dea22a0d8ccf9d5e9e199a20103f5b1149bd674f94
**Severity:** high
**Description:**
**Description*…
-
Before setting the output and env var, the token should be marked as a secret to avoid leaking it in output
-
# Discovery:
With the implementation of JWT authentication in LibreChat, it's important to set up monitoring tools to ensure the system functions as expected. Monitoring should be in place to track a…