Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Block authentication flow originating from a web view (mobile app) #3204

Merged
merged 1 commit into from
Dec 5, 2022
Merged

Feature: Block authentication flow originating from a web view (mobile app) #3204

merged 1 commit into from
Dec 5, 2022

Conversation

Milton-Ch
Copy link
Contributor

@Milton-Ch Milton-Ch commented Dec 4, 2022
edited
Loading

Prepare

Description

feat: block authentication flow originating from a web view (mobile app).

Target issue

closes #3016

Implementation Details

Added a new validateNotWeview method and also a new configuration parameter blockWebviewAuthorizationEnabled (default is false).
The method validation is based on request header, if there is X-Requested-With header then it is a request originated from a web view.

Closes #3205,

@mo-auto mo-auto mentioned this pull request Dec 4, 2022
Closed
@mo-auto
Copy link
Member

mo-auto commented Dec 4, 2022

Error: Hi @Milton-Ch, You did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issues' title and body and make sure I correctly referenced it in the above PRs body.

@mo-auto mo-auto added comp-jans-auth-server Component affected by issue or PR comp-jans-linux-setup Component affected by issue or PR labels Dec 4, 2022
@sonarcloud
Copy link

sonarcloud bot commented Dec 4, 2022

[jans-linux-setup] Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@sonarcloud
Copy link

sonarcloud bot commented Dec 4, 2022

[Jans authentication server parent] Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@yuriyz yuriyz marked this pull request as ready for review December 5, 2022 09:17
@yuriyz yuriyz merged commit e48380e into main Dec 5, 2022
@yuriyz yuriyz deleted the feat/block-authn-from-webview branch December 5, 2022 09:17
This was referenced Jan 9, 2023
Merged
Merged
@mo-auto mo-auto mentioned this pull request Jan 9, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuriyz yuriyz yuriyz approved these changes

@devrimyatar devrimyatar Awaiting requested review from devrimyatar devrimyatar is a code owner

@smansoft smansoft Awaiting requested review from smansoft

@yurem yurem Awaiting requested review from yurem yurem is a code owner

Assignees
No one assigned
Labels
comp-jans-auth-server Component affected by issue or PR comp-jans-linux-setup Component affected by issue or PR
Projects
None yet
Milestone
No milestone
3 participants
@Milton-Ch @mo-auto @yuriyz