Firstyear
Firstyear
Like another option could be to have a "delay" that when typing stops for some small time, we can submit the pw for check to an end point to get...
> @yaleman True. Can you use [OPAQUE](https://blog.cloudflare.com/opaque-oblivious-passwords/) here? No because then we never see the password so we can't enforce strength rules on it. OPAQUE is a PAKE (Password Authenticated...
Yeah if I get time I want to add this api soon.
As a reminder https://github.com/kanidm/kanidm/pull/3847 is now done if you want to update the PR.
> I would like to be able to customize the CORS headers by introducing a new option to the configuration and default to `Authorization` The real question here is *why*...
I tested on 1.8.3 and the consent prompt worked fine - can you attempt this again with the browser inspector to determine if some other factor is involved? Are there...
Yeah, it's a debianism (that I dont like) that services are expected to start on install. I think unixd-tasks should *not* be started by default - unixd will trigger it...
Focus on the oauth2 file and writing tests next I'd say, that's going to direct/guide a lot of this.
The reset token flow uses no session data - thats why the token use shows bobs data and updates bobs credentials. When you complete the flow, the existing session of...
So I think the question is what do we want to do here - I personally don't think there is anything "wrong" with the workflow as is - it's isolated...