-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### What happened?
A bug happened! We have multiple CNPs in a namespace with the same endpointSelector and w…
-
### Description
In WSO2 API Manager, by default, any path after the defined proxy path (i.e., the main API path) is passed to the destination endpoint (backend) as is. Therefore, if you have defined …
-
### Description
Add an additional test file to each module (e.g., `secure.test.bicep`) that executes a test of the given module using as many of its security properties as possible.
This may inc…
-
## Background
This issue is a follow-up to https://github.com/elastic/kibana/issues/161337 (PR: https://github.com/elastic/kibana/pull/162087)
We have left a number of HTTP APIs enabled in serverless…
-
# Prevent Unauthorized Cart Access After Session Expiry
**Issue Description:**
We have identified a potential security issue in our cart retrieval API. The current implementation may expose a logg…
-
### Feature or Problem Description
You are currently only able to supply client id, client secret and token endpoint when using sasl mechanism OAUTHBEARER.
However, many identity providers require…
-
**Description:**
> $subject
According to the OpenAPI specification documentation [1] developers can define OAuth2 `tokenUrl`, `refreshUrl`, or `authorizationUrl` as relative paths for the API base…
-
I found a problem (for me, it may not be considered a problem for others) that I do not see how I can solve properly.
If I do an initial authentication with email/password to retrieve a JWT token, I …
-
I'd like to raise a concern with including CIBA in the OAuth Flow Object in 3.2.0.
I understand that CIBA can, feasibly, be implemented using bare OAuth 2.0 but realistically it's an OpenID Connect…
-
## Context
We are implementing a pseudonym management system as part of the "Develop Privacy-Focused OIDC Server" epic. This work primarily addresses User Story 2: Pseudonym Generation, but also impac…