canonical / identity-platform-admin-ui

Admin UI for the Canonical identity broker and identity provider solution

Add `state` verification in login process #322

Closed BarcoMasile closed 2 weeks ago

BarcoMasile commented 3 weeks ago

Description

Right now only the nonce value gets checked during the login process. We also need to add `state` parameter verification, hopefully as part of a CSRF protection implementation.

syncronize-issues-to-jira[bot] commented 3 weeks ago

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/IAM-920.

This message was autogenerated