Think through de-duplicating dynamic clients based on their software_id #23

Open
TimothyBJacobs opened this issue May 7, 2020 · 0 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@TimothyBJacobs
Member

Right now, the plugin looks for an existing client for the dynamic client by using its software_id. We should think through the possible ramifications for this, and if it is the correct way to de-duplicate.

For instance, what could happen if an attacker created a client with someone else's software_id?

@rmccue brought up looking at redirect_uris to handle browser-based clients (IIRC).

@TimothyBJacobs TimothyBJacobs added enhancement New feature or request help wanted Extra attention is needed labels May 7, 2020
@TimothyBJacobs TimothyBJacobs added this to the Merge Proposal milestone May 7, 2020
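
An added illustration of the question raised in this issue, not code from the plugin: a hypothetical in-memory registry (`Registry`, `register`, `collision` and the sample metadata are all constructed) that de-duplicates on `software_id` alone versus `software_id` plus an exact match of the `redirect_uris` set. The exact-set comparison is an assumption about how the redirect_uris idea might be applied, not a decision recorded in the issue.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Client:
    client_id: str
    software_id: str
    redirect_uris: frozenset


class Registry:
    """Hypothetical store for dynamically registered clients."""

    def __init__(self, match_redirects):
        self.match_redirects = match_redirects
        self.clients = []

    def register(self, metadata):
        software_id = metadata["software_id"]
        redirects = frozenset(metadata["redirect_uris"])
        for existing in self.clients:
            if existing.software_id != software_id:
                continue
            # software_id is supplied by the registrant, so a match on it
            # alone says nothing about who is registering.
            if not self.match_redirects or existing.redirect_uris == redirects:
                return existing
        client = Client(secrets.token_urlsafe(16), software_id, redirects)
        self.clients.append(client)
        return client


# Constructed sample registrations: same software_id, different redirect_uris.
LEGIT = {"software_id": "example-app",
         "redirect_uris": ["https://app.example/callback"]}
IMPOSTOR = {"software_id": "example-app",
            "redirect_uris": ["https://other.example/callback"]}


def collision(match_redirects):
    """Return (second registrant merged into first?, genuine repeat merged?)."""
    reg = Registry(match_redirects)
    first = reg.register(LEGIT)
    second = reg.register(IMPOSTOR)
    again = reg.register(LEGIT)
    return first is second, first is again
```

With `software_id` as the only key, the second registrant is folded into the first client's record; requiring the redirect set to match keeps them separate while a genuine repeat registration still de-duplicates.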