This repository has been archived by the owner on Dec 20, 2020. It is now read-only.
PBAL: Does not validate nonce and state on OAuth flow #5
Comments
koolin
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
PBAL implementation on authorize does not set and cache nonce and state to unique values. On receipt of iframe hash does not validate state and does not inspect id token or access token for nonce.
The text was updated successfully, but these errors were encountered: