lastlogin-net / obligator Public

Notifications You must be signed in to change notification settings
Fork 15
Star 693

Code
Issues 19
Pull requests
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

Issues: lastlogin-net/obligator

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

19 Open 12 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

I think we're accepting redirects to http:// hosts other than localhost

#39 opened Sep 24, 2024 by anderspitman

Flesh out config setup

#37 opened Aug 29, 2024 by anderspitman

Looks like the email login cookie is set on lastlogin.io, not .lastlogin.io

#34 opened Aug 20, 2024 by anderspitman

Delete return URI cookie after use

#33 opened Aug 19, 2024 by anderspitman

Check if user is valid for all page loads, not just during login

#32 opened Aug 19, 2024 by anderspitman

Implement refresh tokens enhancement

New feature or request

#29 opened May 27, 2024 by anderspitman

Using Obligator to protect apps

#25 opened Mar 31, 2024 by MitPitt

lastlogin.io demo sends emails with invalid magic links

#24 opened Mar 14, 2024 by BasMichielsen

TLSAuth parameter for SMTP enhancement

New feature or request

#19 opened Jan 18, 2024 by SystemFuchs

Add Impersonation?

#18 opened Jan 17, 2024 by dm17

Need to properly validate URL params at token endpoint. Currently only requiring the code

#15 opened Nov 7, 2023 by anderspitman

Encrypt all cookies

#14 opened Oct 30, 2023 by anderspitman

Implement login cookie editor

#13 opened Oct 30, 2023 by anderspitman

Document that obligator intentionally violates draft-ietf-oauth-security-topics-24 4.1.3 by allowing any redirect URI that is a suffix of the client_id domain

#12 opened Oct 30, 2023 by anderspitman

Should probably just remove the state parameter for upstream requests

#10 opened Oct 30, 2023 by anderspitman

Implement scoping control for all cookies

#8 opened Oct 28, 2023 by anderspitman

suggestion for future consideration: WebAuthN FIDO2 (passkeys)

#6 opened Oct 17, 2023 by OperativeThunny

Maybe add https://github.com/panva/node-oidc-provider to the table

#3 opened Oct 13, 2023 by anderspitman

Compare with IdentityServer

#1 opened Oct 12, 2023 by stevefan1999-personal

ProTip! Follow long discussions with comments:>50.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly