Google and Microsoft SSO should be using proper Authorization Code Flow #266

Open
ppelayo1 opened this issue Dec 3, 2021 · 0 comments
Labels
backend Issue related with the changes on the backend frontend node.js OAuth react Security

Collaborator

ppelayo1 commented Dec 3, 2021

Currently the Google SSO and the Microsoft SSO in a PR are using a front-end library to get an OpenID Connect ID Token. Better security could be achieved by properly following the Authorization Code Flow to obtain this ID Token.

This will involve rewriting both front-end and backend code; Passport.js is a possible library to use for this goal. This will make the login process more secure.

@ppelayo1 ppelayo1 added react node.js OAuth frontend backend Issue related with the changes on the backend Security labels Dec 3, 2021
@ppelayo1 ppelayo1 changed the title Google and Microsoft SSO should be proper Authorization Code Flow Google and Microsoft SSO should be using proper Authorization Code Flow Dec 6, 2021
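
A sketch of the backend half of the Authorization Code Flow the issue asks for, added here as an example; it is not code from this project and does not use Passport.js. The provider endpoints, client id, redirect URI and the `session` object are hypothetical placeholders, and the example adds PKCE (S256) on top of the `state` and `nonce` checks.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

// Hypothetical provider and client registration (assumptions, not the project's values).
const PROVIDER = {
  authorizationEndpoint: 'https://idp.example/authorize',
  tokenEndpoint: 'https://idp.example/token',
};
const CLIENT = { id: 'example-client-id', redirectUri: 'https://app.example/auth/callback' };

const randomToken = () => randomBytes(32).toString('base64url');

// Step 1 (backend): create per-login secrets and the URL the browser is redirected to.
function beginLogin(session) {
  const pending = { state: randomToken(), nonce: randomToken(), codeVerifier: randomToken() };
  session.oidc = pending; // stored server-side; only state, nonce and the challenge leave
  const codeChallenge = createHash('sha256').update(pending.codeVerifier).digest('base64url');
  const url = new URL(PROVIDER.authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code', // the redirect carries a code, not an ID token
    client_id: CLIENT.id,
    redirect_uri: CLIENT.redirectUri,
    scope: 'openid email profile',
    state: pending.state,
    nonce: pending.nonce,
    code_challenge: codeChallenge,
    code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Step 2 (backend): validate the callback, then build the back-channel token request.
function handleCallback(session, query) {
  const pending = session.oidc;
  delete session.oidc; // single use: a replayed callback finds nothing
  if (!pending) throw new Error('no login in progress');
  if (query.error) throw new Error(`provider error: ${query.error}`);
  const got = Buffer.from(String(query.state || ''));
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !timingSafeEqual(got, want)) throw new Error('state mismatch');
  if (!query.code) throw new Error('missing code');
  const body = new URLSearchParams({
    grant_type: 'authorization_code', code: query.code, redirect_uri: CLIENT.redirectUri,
    client_id: CLIENT.id, code_verifier: pending.codeVerifier,
  }); // a confidential client also authenticates here with its client secret
  // The ID token in the response must still have its signature, iss, aud, exp and nonce checked.
  return { url: PROVIDER.tokenEndpoint, body: body.toString(), expectedNonce: pending.nonce };
}
```

The token request is sent server to server, so the ID token never passes through front-end JavaScript.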