upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-18 16:45:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 13
nextcloud/lib/private/Authentication
History
Arthur Schiwon 02313013ad
fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-12 19:28:57 +02:00
..
Events composer run cs:fix 2023-01-20 11:45:08 +01:00
Exceptions Update php licenses 2021-06-04 22:02:41 +02:00
Listeners composer run cs:fix 2023-01-20 11:45:08 +01:00
Login fix: Show error message when CSRF check fails at login 2023-12-04 19:09:01 +00:00
LoginCredentials composer run cs:fix 2023-01-20 11:45:08 +01:00
Notifications composer run cs:fix 2023-01-20 11:45:08 +01:00
Token fix(Session): avoid password confirmation on SSO 2024-06-12 19:28:57 +02:00
TwoFactorAuth AppAPI: allowed to bypass Two-Factor 2023-12-29 14:46:58 +02:00
WebAuthn composer run cs:fix 2023-01-20 11:45:08 +01:00