Vladislav Babkin
If we do a request with non-existing client_id in the sample server, we get the following response:

```
$ curl 'http://localhost:9096/token?grant_type=client_credentials&client_id=000000000&client_secret=11111111&scope=all'
{"error":"server_error","error_description":"The authorization server encountered an unexpected condition that prevented...
```
There are at least 2 distinct cases - when we did not configure the user authorization handler, and when we did. For the first case, if we use the server...
It looks like JWTs are somewhat mishandled by the library. After generating the JWT, it is stored exactly as-is in the database, and then checked by loading them from the database....
For example, when we use a refresh token, it gets regenerated along with the access token. At this point both access and refresh token are no longer present (no references to...
Internally, token generation uses UUIDv3 and UUIDv5. RFC4122 recommends against using them as security credentials. Ref: https://en.wikipedia.org/wiki/Universally_unique_identifier#Versions_3_and_5_(namespace_name-based). Additionally, after generation they are base64-encoded and converted to uppercase, reducing entropy a...
Issue 1: in TPipeServer, the CloseHandle call happened on a None _handle after the super() call. Issue 2: Client raises an issue as described in https://github.com/osquery/osquery-python/issues/57, correct call seems to...
The library will break in different ways when scpd_url contains something other than a URL part beginning with /. In my specific example, a router prefixes the URL with the full URL....