docs: updates oauth docs with rfc-6819 examples #1014

Open
wants to merge 1 commit into
base: main

@losandes losandes commented May 9, 2020

Summary

Updates the examples and documentation to implement RFC-6819 Section 5.3.5: Link the "state" Parameter to User Agent Session. These examples demonstrate how to mitigate Cross Site Request Forgery (CSRF) by synchronizing all 3 parties (user, Slack, app) in the OAuth flow. Uses the synchronizer token pattern (STP) and a JWT embedded in a cookie to bind the token to the device.

NOTE: this is an alternate to #1013 that introduces no changes to the library; only to the examples

Requirements (place an x in each [ ])

Updates the examples and documentation to implement RFC-6819 Section 5.3.5: Link the "state" Parameter to User Agent Session.
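
Added example (not part of this pull request and not code from `@slack/oauth`): a minimal Node.js sketch of the approach the summary describes, where the `state` value sent to Slack is also pinned to the browser in a signed JWT cookie and the two are compared on the redirect. The cookie name, lifetime, and the function names `beginInstall` and `checkCallback` are hypothetical, and the HS256 JWT is hand-rolled with the built-in `crypto` module so the block runs without dependencies.

```javascript
const crypto = require('crypto');

const COOKIE = 'slack_oauth_state'; // hypothetical cookie name
const TTL_SECONDS = 600;            // assumed lifetime of an install attempt

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();
const sameBytes = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);

// Minimal HS256 JWT. The algorithm is fixed here and never read from the token.
function signJwt(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${hmac(data, secret).toString('base64url')}`;
}

// Returns the claims, or null if the token is missing, malformed, forged or expired.
function verifyJwt(token, secret, now) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const given = Buffer.from(parts[2], 'base64url');
  if (!sameBytes(given, hmac(`${parts[0]}.${parts[1]}`, secret))) return null;
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  return claims.exp > now ? claims : null;
}

// Install route: mint a random state, send it to Slack in the authorize URL,
// and pin the same value to this browser in a signed cookie.
function beginInstall(secret, now) {
  const state = crypto.randomBytes(32).toString('base64url');
  const token = signJwt({ state, exp: now + TTL_SECONDS }, secret);
  // SameSite=Lax so the cookie is still sent on the top-level redirect back from Slack.
  const setCookie = `${COOKIE}=${token}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${TTL_SECONDS}`;
  return { state, token, setCookie };
}

// Redirect route: exchange the code only when the state Slack echoed back
// equals the state pinned to the browser that is making this request.
function checkCallback(queryState, cookieToken, secret, now) {
  const claims = verifyJwt(cookieToken, secret, now);
  if (!claims || typeof queryState !== 'string') return false;
  return sameBytes(Buffer.from(claims.state), Buffer.from(queryState));
}
```

A callback that arrives in a browser holding no cookie, or a cookie minted for a different `state`, fails the check, which is the CSRF case RFC 6819 Section 5.3.5 addresses.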

codecov bot commented May 9, 2020

Codecov Report

Merging #1014 into master will not change coverage.
The diff coverage is n/a.


@@           Coverage Diff           @@
##           master    #1014   +/-   ##
=======================================
  Coverage   94.40%   94.40%           
=======================================
  Files          12       12           
  Lines         768      768           
  Branches      173      173           
=======================================
  Hits          725      725           
  Misses         14       14           
  Partials       29       29           
Flag Coverage Δ
#eventsapi 89.61% <ø> (ø)
#interactivemessages 95.04% <ø> (ø)
#webapi 96.36% <ø> (ø)
#webhook 87.50% <ø> (ø)

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 88c3d86...6a46ca0.

@stevengill stevengill added the pkg:oauth applies to `@slack/oauth-helper` label May 18, 2020
@clavin clavin changed the base branch from master to main July 8, 2020 02:21