feat: optional oauth2 module nonce toggle
This commit is contained in:
parent
12233c476d
commit
5f876ced20
@ -19,7 +19,7 @@ module.exports = {
|
||||
callbackURL: conf.callbackURL,
|
||||
passReqToCallback: true,
|
||||
scope: conf.scope,
|
||||
state: true
|
||||
state: conf.enableCSRFProtection
|
||||
}, async (req, accessToken, refreshToken, profile, cb) => {
|
||||
try {
|
||||
const user = await WIKI.models.users.processProfile({
|
||||
|
@ -70,3 +70,9 @@ props:
|
||||
title: Pass access token via GET query string to User Info Endpoint
|
||||
hint: (optional) Pass the access token in an `access_token` parameter attached to the GET query string of the User Info Endpoint URL. Otherwise the access token will be passed in the Authorization header.
|
||||
order: 11
|
||||
enableCSRFProtection:
|
||||
type: Boolean
|
||||
default: true
|
||||
title: Enable CSRF protection
|
||||
hint: Pass a nonce state parameter during authentication to protect against CSRF attacks.
|
||||
order: 12
|
||||
|
Loading…
Reference in New Issue
Block a user