lastlogin-net/obligator

Issues

• Flesh out config setup

  #37 opened 3 months ago by anderspitman
  0

• I think we're accepting redirects to http:// hosts other than localhost

  #39 opened 3 months ago by anderspitman
  0

• Implement refresh tokens

  #29 opened 7 months ago by anderspitman
  1

• Upgrade 0.2.0 to 0.3.0 fails with "Failed parse JSON" error

  #36 opened 3 months ago by poVoq
  7

• Looks like the email login cookie is set on lastlogin.io, not .lastlogin.io

  #34 opened 4 months ago by anderspitman
  0

• Delete return URI cookie after use

  #33 opened 4 months ago by anderspitman
  0

• Check if user is valid for all page loads, not just during login

  #32 opened 4 months ago by anderspitman
  0

• Refresh token support?

  #28 opened 6 months ago by btrepp
  9

• usage with cli tools

  #27 opened 7 months ago by btrepp
  2

• lastlogin.io demo sends emails with invalid magic links

  #24 opened 9 months ago by BasMichielsen
  8

• [feedback] Kanidm comparison table line items

  #26 opened 8 months ago by Firstyear
  4

• Using Obligator to protect apps

  #25 opened 8 months ago by MitPitt
  7

• Provide some sort of username in /userinfo

  #23 opened 9 months ago by jzbor
  1

• Add Impersonation?

  #18 opened a year ago by dm17
  2

• TLSAuth parameter for SMTP

  #19 opened a year ago by SystemFuchs
  1

• Implement dynamic client registration

  #11 opened a year ago by anderspitman
  1

• Implement copying logins when sharing via QR

  #16 opened a year ago by anderspitman
  1

• Fix QR issues

  #17 opened a year ago by anderspitman
  1

• Add Portier to the table

  #9 opened a year ago by anderspitman
  1

• Need to properly validate URL params at token endpoint. Currently only requiring the code

  #15 opened a year ago by anderspitman
  0

• Add proper lifetimes to JWT cookies

  #7 opened a year ago by anderspitman
  0

• Encrypt all cookies

  #14 opened a year ago by anderspitman
  0

• Implement login cookie editor

  #13 opened a year ago by anderspitman
  0

• Document that obligator intentionally violates draft-ietf-oauth-security-topics-24 4.1.3 by allowing any redirect URI that is a suffix of the client_id domain

  #12 opened a year ago by anderspitman
  0

• Should probably just remove the state parameter for upstream requests

  #10 opened a year ago by anderspitman
  0

• Consider adding OpenZiti for application-embedded security

  #4 opened a year ago by dovholuknf
  1

• suggestion for future consideration: WebAuthN FIDO2 (passkeys)

  #6 opened a year ago by OperativeThunny
  1

• Implement scoping control for all cookies

  #8 opened a year ago by anderspitman
  0

• Docker repo is 404

  #5 opened a year ago by MitPitt
  2

• Maybe add https://github.com/panva/node-oidc-provider to the table

  #3 opened a year ago by anderspitman
  0

• Compare with IdentityServer

  #1 opened a year ago by stevefan1999-personal
  0