Mike Bland
|
9887ac3be5
|
Refactor cookie building and parsing
Extracts buildCookieValue() and parseCookieValue() from OauthProxy.ServeHTTP()
and adds tests for both.
|
2015-04-07 05:53:41 -04:00 |
|
Mike Bland
|
ad3c9a886f
|
Pass the access token to the upstream client
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
|
2015-04-03 15:32:01 -04:00 |
|
Vikrum Nijjar
|
ad57a9391f
|
Fixed timing attack in cookie validation.
- Changed from using string == to hmac.Equal
- See more details here: http://verboselogging.com/2012/08/20/a-timing-attack-in-action
|
2014-11-08 13:16:39 -05:00 |
|
Jehiah Czebotar
|
fb636396a3
|
initial code import
|
2012-12-10 20:59:23 -05:00 |
|