oauth

Asking about this since the NSA recently published guidance advising the public and private sectors to transition to cryptographic algorithms that are no less than sha384 & ec384 (elliptic curves).

While Edwards' Curves are different, its worth noting that prior to this update sha256 & secp256k1 were both on the list of acceptable cryptographic algorithms. My deduction was that 128-bit securit

Description 📓

https://github.com/nextauthjs/next-auth/blob/7636de4a340380c50dea39be3854d9b7d69be62b/packages/next-auth/src/next/middleware.ts#L84

Middleware is calling getToken directly without providing any decode methods. By getToken() uses jwtDecrypt from jose package, and it will probably throws error when the JWT is not signed in the same way. It will throw error when we p

On Windows, if the authentication flow isn't completed (failure, closed the browser, etc.) then the client keeps showing 'connecting' but doesn't show a clear action to restart authentication.

Clicking disconnect + connect, or log in as a different user will generate a new authentication link and unblock the user, but that's somewhat difficult to discover.

Options for improvement include adding

Is your feature request related to a problem? Please describe.

The public key-based request signing functionality added to sso_proxy in buzzfeed/sso#106 is undocumented. In particular, it's not immediately obvious how to a) generate an appropriate keypair or b) validate a signed request in an upstream service.

Describe the solution you'd like

New documenta

Hello

What would you like to be added

Currently the step-cli certificate fingerprint foo.pem command only outputs the fingerprint as a SHA256 hash. It would be convenient to have an option to display a SHA1 fingerprint instead.

Why this is needed

Azure Iot Hub services display the fingerprints as SHA1 hashes on the Azure portal, so it's not easy to compare both types of finge