oauth2

Asking about this since the NSA recently published guidance advising the public and private sectors to transition to cryptographic algorithms that are no less than sha384 & ec384 (elliptic curves).

While Edwards' Curves are different, its worth noting that prior to this update sha256 & secp256k1 were both on the list of acceptable cryptographic algorithms. My deduction was that 128-bit securit

Description 📓

https://github.com/nextauthjs/next-auth/blob/7636de4a340380c50dea39be3854d9b7d69be62b/packages/next-auth/src/next/middleware.ts#L84

Middleware is calling getToken directly without providing any decode methods. By getToken() uses jwtDecrypt from jose package, and it will probably throws error when the JWT is not signed in the same way. It will throw error when we p

The repo containing the Dockerfile and the entrypoint is here.

If not for some particular exceptions, the status code returned from our WebAPI on error is always 500, regardless of the kind of error.

If an object already exists, for example, it should be returned as 409. If the object does not pass the schema validation, it should be a 415.

Go through the whole WebAPI and verify that the status codes are being returned correctly.

Hint: Error cl

Is your feature request related to a problem? Please describe.

The hydrator have only Basic auth - see config: https://www.ory.sh/oathkeeper/docs/pipeline/mutator/#configuration-4, however for more flexibility, similiar pre-authorization mechanism could ba added as in the instropsection authenticator handler: https://www.ory.sh/oathkeeper/docs/pipeline/mutator/#configuration-4

**Descri