Olivier Dumont f006ebe5e4 Fix open redirect vulnerability in authorize endpoint ...

Per OAuth 2.0 RFC 6749 §4.1.2.1, errors should NOT redirect to
unvalidated redirect_uri values. This fix:

- Returns JSON errors for failures before redirect_uri validation
  (missing parameters, invalid client)
- Only redirects to redirect_uri after it has been validated
  against registered client URIs
- Prevents open redirect attacks where malicious redirect_uri
  values could be used to redirect users to attacker-controlled sites

2025-12-30 12:40:01 +01:00

..

context_controller_test.go

feat: forward sub from oidc providers (#543)

2025-12-26 19:02:51 +02:00

context_controller.go

feat: forward sub from oidc providers (#543)

2025-12-26 19:02:51 +02:00

health_controller.go

feat: add health check command

2025-10-06 21:45:23 +03:00

oauth_controller.go

feat: forward sub from oidc providers (#543)

2025-12-26 19:02:51 +02:00

oidc_controller.go

Fix open redirect vulnerability in authorize endpoint

2025-12-30 12:40:01 +01:00

proxy_controller_test.go

feat: refresh session cookie when session is active (#540)

2025-12-26 17:55:54 +02:00

proxy_controller.go

feat: forward sub from oidc providers (#543)

2025-12-26 19:02:51 +02:00

resources_controller_test.go

refactor: use proper module name (#542)

2025-12-26 17:53:24 +02:00

resources_controller.go

feat: add option to disable resources server

2025-09-22 15:52:43 +03:00

user_controller_test.go

refactor: use proper module name (#542)

2025-12-26 17:53:24 +02:00

user_controller.go

refactor: use proper module name (#542)

2025-12-26 17:53:24 +02:00