oauth example doesn't validate CSRF token #2511

davidpdrsn · 2024-01-13T13:38:53Z

The CSRF token generated here needs to be validated for login attemps. The oauth example currently doesn't do that.

Thank you to Nicolas Ettlin for reporting this issue

loganbnielsen · 2024-01-18T00:17:29Z

I can give this a go if that's alright

davidpdrsn · 2024-01-18T06:18:37Z

@loganbnielsen thank you!

loganbnielsen · 2024-01-25T16:24:02Z

Made PR #2534

davidpdrsn added E-help-wanted Call for participation: Help is requested to fix this issue. E-medium Call for participation: Experience needed to fix: Medium / intermediate labels Jan 13, 2024

davidpdrsn mentioned this issue Jan 13, 2024

Add note about missing CSRF validation in oauth example #2512

Merged

davidpdrsn closed this as completed in #2512 Jan 13, 2024

jplatte reopened this Jan 13, 2024

jplatte assigned loganbnielsen Jan 18, 2024

loganbnielsen mentioned this issue Jan 25, 2024

Implement CSRF token verification for OAuth example #2534

Open

yinho999 mentioned this issue Feb 8, 2024

Oauth Implementation loco-rs/loco#416

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

oauth example doesn't validate CSRF token #2511

oauth example doesn't validate CSRF token #2511

davidpdrsn commented Jan 13, 2024 •

edited

loganbnielsen commented Jan 18, 2024

davidpdrsn commented Jan 18, 2024

loganbnielsen commented Jan 25, 2024

oauth example doesn't validate CSRF token #2511

oauth example doesn't validate CSRF token #2511

Comments

davidpdrsn commented Jan 13, 2024 • edited

loganbnielsen commented Jan 18, 2024

davidpdrsn commented Jan 18, 2024

loganbnielsen commented Jan 25, 2024

davidpdrsn commented Jan 13, 2024 •

edited