oauth2_proxy

Author	SHA1	Message	Date
Mike Bland	ad3c9a886f	Pass the access token to the upstream client This is accomplished by encoding the access_token in the auth cookie and unpacking it as the X-Forwarded-Access-Token header for upstream requests.	2015-04-03 15:32:01 -04:00
Vikrum Nijjar	ad57a9391f	Fixed timing attack in cookie validation. - Changed from using string == to hmac.Equal - See more details here: http://verboselogging.com/2012/08/20/a-timing-attack-in-action	2014-11-08 13:16:39 -05:00
Jehiah Czebotar	fb636396a3	initial code import	2012-12-10 20:59:23 -05:00

Author

SHA1

Message

Date

Mike Bland

ad3c9a886f

Pass the access token to the upstream client

This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.

2015-04-03 15:32:01 -04:00

Vikrum Nijjar

ad57a9391f

Fixed timing attack in cookie validation.

- Changed from using string == to hmac.Equal
- See more details here: http://verboselogging.com/2012/08/20/a-timing-attack-in-action

2014-11-08 13:16:39 -05:00

Jehiah Czebotar

fb636396a3

initial code import

2012-12-10 20:59:23 -05:00