oauth

The upstream pull got closed. It is referenced in:

• driver/registry_base.go#L246

This issue was created by the ORY Closed Reference Notifier GitHub action.

Description 📓

Partially based on this tweet https://twitter.com/t3dotgg/status/1413983193212981248 and closed issues like #969 #497 #525 (and highly probable interest), we should document a way to secure Preview environments.

Given the (unchecked) assumption that most of our users use OAuth as their main provider, the main challenge lies in that Preview environments usually have a dynami

On Windows, if the authentication flow isn't completed (failure, closed the browser, etc.) then the client keeps showing 'connecting' but doesn't show a clear action to restart authentication.

Clicking disconnect + connect, or log in as a different user will generate a new authentication link and unblock the user, but that's somewhat difficult to discover.

Options for improvement include adding

Is your feature request related to a problem? Please describe.

The public key-based request signing functionality added to sso_proxy in buzzfeed/sso#106 is undocumented. In particular, it's not immediately obvious how to a) generate an appropriate keypair or b) validate a signed request in an upstream service.

Describe the solution you'd like

New documenta

What would you like to be added

Add a step command to extract a crt and key from a .p12 file

Why this is needed

step certificate p12 can package a cert and keys to a .p12 file but there is not currently a way to extract the files once they are packaged.

The upstream issues got closed. It is referenced in: .nancy-ignore#L7