-
Notifications
You must be signed in to change notification settings - Fork 351
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
filters/auth: allow insecure grant flow #2457
Conversation
👍 |
In theory, Eve stealing the data in the HTTP connection between Alice (client) and Bob (server) could steal ztoken of Alice and authenticate herself as Alice, couldn't she? |
That is correct. The feature is meant for local testing. |
Related #1775 |
Build failed with
looks related to testcontainers/testcontainers-go#1359 |
Add a flag to allow insecure grant flow: * issue token cookie without secure attribute * use http schem for callback url Signed-off-by: Alexander Yastrebov <alexander.yastrebov@zalando.de>
d34833b
to
d40e950
Compare
👍 |
1 similar comment
👍 |
Add a flag to allow insecure grant flow: