Ticket #54 (closed enhancement: fixed)

Opened 10 months ago

Last modified 9 months ago

Add TTL check to request token handling at SPs

Reported by: http://blog.nerdbank.net/
Owned by: http://blog.nerdbank.net/
Priority: major
Milestone: v3.0.3
Component: OAuth
Version: v3.0.0 RTW
Keywords: SP
Cc:

Description

Request tokens should be short-lived as a security mitigation. DNOA currently relies on the SP to do this work, but DNOA can help enforce this by adding an age check and having a host-configurable TTL for the request tokens.

Change History

Changed 9 months ago by http://blog.nerdbank.net/

  • status changed from new to accepted

Since this will cause a breaking change in the SP, and we're already introducing a breaking change in 3.0.3, it definitely seems like this is the right time to make this enhancement.

Changed 9 months ago by http://blog.nerdbank.net/

  • status changed from accepted to closed
  • resolution set to fixed

v3.0 42ec2388
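
An added sketch of the request-token age check this ticket asks for, written in C# because DNOA (DotNetOpenAuth) is a .NET library. It is not DotNetOpenAuth code: `RequestTokenStore`, `TokenCheck`, `Validate`, the clock-skew allowance, and the 10-minute TTL are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
// Hypothetical names throughout; this is not DotNetOpenAuth's API.
public enum TokenCheck { Ok, Unknown, Expired, IssuedInFuture }

public sealed class RequestTokenStore
{
    private readonly Dictionary<string, DateTime> issuedUtc = new Dictionary<string, DateTime>();
    private readonly TimeSpan maximumAge; // TTL chosen by the hosting SP
    private readonly TimeSpan clockSkew;  // tolerance between SP nodes
    public RequestTokenStore(TimeSpan maximumAge, TimeSpan clockSkew)
    {
        if (maximumAge <= TimeSpan.Zero) throw new ArgumentOutOfRangeException("maximumAge");
        if (clockSkew < TimeSpan.Zero) throw new ArgumentOutOfRangeException("clockSkew");
        this.maximumAge = maximumAge;
        this.clockSkew = clockSkew;
    }

    public void Issue(string token, DateTime nowUtc) { issuedUtc[token] = nowUtc; }

    // Age check run when a consumer presents the request token again.
    public TokenCheck Validate(string token, DateTime nowUtc)
    {
        DateTime created;
        if (!issuedUtc.TryGetValue(token, out created)) return TokenCheck.Unknown;
        TimeSpan age = nowUtc - created;
        if (age < -clockSkew) return TokenCheck.IssuedInFuture; // fail closed on a bad timestamp
        if (age > maximumAge)
        {
            issuedUtc.Remove(token); // an expired token can never become valid again
            return TokenCheck.Expired;
        }
        return TokenCheck.Ok;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values: 10-minute TTL, 30-second skew allowance.
        var store = new RequestTokenStore(TimeSpan.FromMinutes(10), TimeSpan.FromSeconds(30));
        var t0 = new DateTime(2010, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        store.Issue("rt-sample", t0);
        Console.WriteLine(store.Validate("rt-sample", t0.AddMinutes(3)));
        Console.WriteLine(store.Validate("rt-sample", t0.AddMinutes(11)));
        Console.WriteLine(store.Validate("rt-sample", t0.AddMinutes(12)));
    }
}
```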
