9 Commits

Author SHA1 Message Date
Trong Huu Nguyen
35e4953557 fix(session/redis): skip setup if otel is not enabled 2023-11-28 10:08:31 +01:00
J-K. Solbakken
894cc35e47 telemetry for redis 2023-11-23 13:16:43 +01:00
Trong Huu Nguyen
8bbd947d5b feat(config): add support for Redis URI 2023-10-10 14:48:50 +02:00
Trong Huu Nguyen
db391a9e44 refactor(session/store): consolidate session errors and use multi-error wrapping 2023-02-21 10:06:44 +01:00
Trong Huu Nguyen
61a7a8f161 refactor: clean up errors and reverseproxy logging 2023-02-10 14:57:53 +01:00
Trong Huu Nguyen
ed56aac3d0 style: follow conventions for error variable names 2022-09-19 08:41:23 +02:00
Trong Huu Nguyen
c0138f4b49 feat(session): use locks for refreshing 2022-09-04 17:14:35 +02:00

One of the changes in OAuth 2.1 addresses attacks with refresh token
replays by recommending the use of one-time use tokens. A refresh token
is thus rotated and invalid after exactly one use, returning a new token
for each successful grant. Any further attempts must thus use the most
recently acquired refresh token. Reusing a refresh token may also
cause the authorization server to invalidate the current active refresh
token, requiring a refresh authorization grant to be reacquired for
further refresh token usage.

The use of locks prevents multiple refresh grant attempts for a given
session from happening across concurrent requests.

Trong Huu Nguyen
d5bbca9897 feat: rudimentary support for refresh tokens 2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
5990e4bb71 refactor(session): extract session handler 2022-08-19 11:44:13 +02:00