Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assign clients different consent urls #378

Closed
janekolszak opened this issue Feb 13, 2017 · 3 comments
Closed

Assign clients different consent urls #378

janekolszak opened this issue Feb 13, 2017 · 3 comments
Labels
feat New feature or request.

Comments

@janekolszak
Copy link

Hi,
As discussed on Slack I could implement multiple consent urls - one per client. This issue is the place I'd ask questions.

So should I make changes in fosite as well?
@aeneasr
Copy link
Member

aeneasr commented Feb 16, 2017

There are no changes require in fosite. Instead, we need a consent url here and use that value (if it exists) here

@aeneasr aeneasr added the feat New feature or request. label Feb 24, 2017
@aeneasr aeneasr mentioned this issue Feb 25, 2017
Closed
@janekolszak
Copy link
Author

I think I need to change something in fosite.

I can't find a way to get hydra Client, but I see fosite Client is available.
https://github.com/ory/hydra/blob/master/oauth2/handler.go#L192

@aeneasr
Copy link
Member

aeneasr commented Jun 5, 2017

This issue is no longer valid. The risky part of this is that third party clients could register malicious consent apps for phishing user passwords. Adding ACL to this piece complicates the hydra set up more and adds a potential security hole. Thus, this will not be supported in Hydra.

@aeneasr aeneasr closed this as completed Jun 5, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feat New feature or request.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@janekolszak @aeneasr