Commit

Script updating archive at 2024-05-02T00:05:03Z. [ci skip]
ID Bot committed May 2, 2024
1 parent c0f8a5f commit 8071081
Showing 1 changed file with 42 additions and 29 deletions.
71 changes: 42 additions & 29 deletions archive.json
@@ -1,6 +1,6 @@
{
"magic": "E!vIA5L86J2I",
"timestamp": "2024-04-30T00:04:18.722610+00:00",
"timestamp": "2024-05-02T00:04:59.834830+00:00",
"repo": "oauth-wg/oauth-browser-based-apps",
"labels": [
{
@@ -518,22 +518,29 @@
"id": "I_kwDOCUe3lM6DYZrC",
"title": "Properly render sublists",
"url": "https://github.com/oauth-wg/oauth-browser-based-apps/issues/43",
"state": "OPEN",
"state": "CLOSED",
"author": "philippederyck",
"authorAssociation": "CONTRIBUTOR",
"assignees": [],
"labels": [],
"body": "Section 5.1.2 contains a sublist, but it is not rendered properly\r\n\r\n```\r\n### Persistent Token Theft {#payload-persistent-theft}\r\n\r\nThis attack scenario is a more advanced variation on the Single-Execution Token Theft scenario ({{payload-single-theft}}). Instead of immediately stealing tokens upon the execution of the malicious payload, the attacker sets up the necessary handlers to steal the application's tokens on a continuous basis. This scenario consists of the following steps:\r\n\r\n- Execute malicious JS code\r\n- Setup a continuous token theft mechanism (e.g., on a 10-second time interval)\r\n\t - Obtain tokens from the application's preferred storage mechanism (See {{token-storage}})\r\n\t - Send the tokens to a server controlled by the attacker\r\n\t - Store the tokens\r\n- Wait until the opportune moment to abuse the latest version of the stolen tokens\r\n\r\nThe crucial difference in this scenario is that the attacker always has access to the latest tokens used by the application. This slight variation in the payload already suffices to counter typical defenses against token theft, such as short lifetimes or refresh token rotation.\r\n\r\nFor access tokens, the attacker now obtains the latest acce\r\n```",
"createdAt": "2024-03-24T06:54:28Z",
"updatedAt": "2024-04-11T16:03:07Z",
"closedAt": null,
"updatedAt": "2024-05-01T17:10:56Z",
"closedAt": "2024-05-01T17:10:56Z",
"comments": [
{
"author": "philippederyck",
"authorAssociation": "CONTRIBUTOR",
"body": "@aaronpk I don't know where to find an updated draft from #45, so I cannot check if this now renders correctly. It should though ...",
"createdAt": "2024-04-11T05:09:12Z",
"updatedAt": "2024-04-11T16:03:07Z"
},
{
"author": "aaronpk",
"authorAssociation": "MEMBER",
"body": "Yep looks good now \r\n<img width=\"647\" alt=\"image\" src=\"https://github.com/oauth-wg/oauth-browser-based-apps/assets/113001/e453c98c-11c1-4db7-b75b-b1d2f0c22344\">\r\n",
"createdAt": "2024-05-01T17:10:56Z",
"updatedAt": "2024-05-01T17:10:56Z"
}
]
},
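Review bot: the comment from aaronpk added at the end of the issue #43 entry stores a raw `<img width=... src=...>` element inside `body`, so `body` fields in this archive carry author-supplied HTML as well as markdown. Anything that renders archive.json should escape or sanitize `body` before output and decide explicitly whether remote images are fetched; a line saying so wherever the archive format is described would help consumers.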
@@ -582,15 +589,15 @@
"id": "I_kwDOCUe3lM6FX1eA",
"title": "Draw diagrams with tools instead of raw ASCII",
"url": "https://github.com/oauth-wg/oauth-browser-based-apps/issues/49",
"state": "OPEN",
"state": "CLOSED",
"author": "philippederyck",
"authorAssociation": "CONTRIBUTOR",
"assignees": [],
"labels": [],
"body": "Use `aasvg` or similar tooling instead of plain ASCII for diagrams",
"createdAt": "2024-04-11T12:30:34Z",
"updatedAt": "2024-04-11T12:30:34Z",
"closedAt": null,
"updatedAt": "2024-05-01T17:09:49Z",
"closedAt": "2024-05-01T17:09:49Z",
"comments": []
}
],
@@ -2887,24 +2894,26 @@
"id": "PR_kwDOCUe3lM5qlIv5",
"title": "Processed review from Justin Richer",
"url": "https://github.com/oauth-wg/oauth-browser-based-apps/pull/45",
"state": "OPEN",
"state": "MERGED",
"author": "philippederyck",
"authorAssociation": "CONTRIBUTOR",
"assignees": [],
"labels": [],
"body": "",
"createdAt": "2024-03-24T09:40:52Z",
"updatedAt": "2024-04-11T16:03:48Z",
"updatedAt": "2024-05-01T17:03:17Z",
"baseRepository": "oauth-wg/oauth-browser-based-apps",
"baseRefName": "main",
"baseRefOid": "741f8820be57a2a29c60d7713b5655031279a04a",
"headRepository": "philippederyck/OAUTHWG-oauth-browser-based-apps",
"headRefName": "pdr/review-justin-richer",
"headRefOid": "5cbdc2233c68a482fa8b48240b1724076ca2766d",
"closedAt": null,
"mergedAt": null,
"mergedBy": null,
"mergeCommit": null,
"closedAt": "2024-05-01T17:03:16Z",
"mergedAt": "2024-05-01T17:03:16Z",
"mergedBy": "aaronpk",
"mergeCommit": {
"oid": "6b9d710c032187891f9153ea7972562ebd10bf3e"
},
"comments": [
{
"author": "philippederyck",
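Review bot: in the PR #45 entry `mergeCommit` goes from `null` to an object holding `oid`, while `mergedBy` goes from `null` to a bare string (`"aaronpk"`), so a consumer has to accept two shapes for the first and a nullable string for the second. Both should be described as nullable wherever the archive format is specified, and readers should not dereference `mergeCommit.oid` on entries that are still open or were closed without a merge.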
@@ -3362,21 +3371,21 @@
"id": "PR_kwDOCUe3lM5qtWCN",
"title": "Feedback",
"url": "https://github.com/oauth-wg/oauth-browser-based-apps/pull/46",
"state": "OPEN",
"state": "CLOSED",
"author": "0xandybarlow",
"authorAssociation": "NONE",
"assignees": [],
"labels": [],
"body": "Overall the spec reads very well, I didn't have trouble following.\r\n\r\nI did spot a missing word perhaps? And also I was curious if there was a better way to describe the intent behind \"Authenticated Encryption with Authenticated Data\" statements - cipher? suite? algorithm? I couldn't decide on a better way - feel free to reject!\r\n\r\nGreat work!",
"createdAt": "2024-03-25T20:53:57Z",
"updatedAt": "2024-04-11T05:32:17Z",
"updatedAt": "2024-05-01T17:03:39Z",
"baseRepository": "oauth-wg/oauth-browser-based-apps",
"baseRefName": "main",
"baseRefOid": "741f8820be57a2a29c60d7713b5655031279a04a",
"headRepository": "0xandybarlow/oauth-browser-based-apps",
"headRefName": "andy-review",
"headRefOid": "d0fab5e707a6db95df3c3bb39ee94cef5cbdff5c",
"closedAt": null,
"closedAt": "2024-05-01T17:03:39Z",
"mergedAt": null,
"mergedBy": null,
"mergeCommit": null,
@@ -3396,24 +3405,26 @@
"id": "PR_kwDOCUe3lM5sUXqE",
"title": "Reworded the benefits of the Token Mediating Backend",
"url": "https://github.com/oauth-wg/oauth-browser-based-apps/pull/47",
"state": "OPEN",
"state": "MERGED",
"author": "philippederyck",
"authorAssociation": "CONTRIBUTOR",
"assignees": [],
"labels": [],
"body": "This PR offers an alternative to #40. Compared to PR #40 it makes two changes:\r\n\r\n1. I removed the newly added text to avoid creating confusion between the responsibilities of a BFF. While it is technically possible to deploy a BFF as part of an API gateway, I believe this suggestion may create confusion for someone trying to grasp the pattern. An API Gateway is closely linked to an API, while a BFF is (in theory) closely linked to a frontend.\r\n\r\n2. Reworded the benefits of the Token Mediating Backend to more accurately represent the advantages/disadvantages of the pattern, as correctly suggested by this PR\r\n\r\nIf this PR is merged, #40 can be closed.",
"createdAt": "2024-04-11T05:26:47Z",
"updatedAt": "2024-04-13T14:59:04Z",
"updatedAt": "2024-05-01T17:04:26Z",
"baseRepository": "oauth-wg/oauth-browser-based-apps",
"baseRefName": "main",
"baseRefOid": "741f8820be57a2a29c60d7713b5655031279a04a",
"headRepository": "philippederyck/OAUTHWG-oauth-browser-based-apps",
"headRefName": "pdr/alternative-for-pr-40",
"headRefOid": "dd09298cd5912df1a99266ed1e96f474d3b3da8c",
"closedAt": null,
"mergedAt": null,
"mergedBy": null,
"mergeCommit": null,
"closedAt": "2024-05-01T17:04:26Z",
"mergedAt": "2024-05-01T17:04:26Z",
"mergedBy": "aaronpk",
"mergeCommit": {
"oid": "84e0a8519fed6485a4b728a40bad13adf8e79eb2"
},
"comments": [],
"reviews": [
{
@@ -3436,24 +3447,26 @@
"id": "PR_kwDOCUe3lM5s3NBN",
"title": "feat: narrowing ascii-art and adding svg support",
"url": "https://github.com/oauth-wg/oauth-browser-based-apps/pull/50",
"state": "OPEN",
"state": "MERGED",
"author": "duncanwd",
"authorAssociation": "NONE",
"authorAssociation": "CONTRIBUTOR",
"assignees": [],
"labels": [],
"body": "Resolves #49\r\n\r\n1. Narrows the existing ASCII diagrams to 72 characters for better plain-text layout.\r\n2. Extracts the narrowed ASCII art into separate files.\r\n3. Modifies the markdown to invoke aasvg for automated SVG generation and inclusion in the HTML version\r\n\r\n**Note:** The aasvg npm package must be installed for the Makefile to function correctly. See the instructions link at the bottom of the main README.md for the install procedure.\r\n\r\nPlease check for errors in the modified ASCII diagrams, figure labels, and figure titles.",
"createdAt": "2024-04-17T01:43:57Z",
"updatedAt": "2024-04-17T15:18:01Z",
"updatedAt": "2024-05-01T17:09:49Z",
"baseRepository": "oauth-wg/oauth-browser-based-apps",
"baseRefName": "main",
"baseRefOid": "741f8820be57a2a29c60d7713b5655031279a04a",
"headRepository": "duncanwd/oauth-browser-based-apps",
"headRefName": "feature/artwork",
"headRefOid": "ab3750d2d0592b55fdc506bee9b1e84af2d422a3",
"closedAt": null,
"mergedAt": null,
"mergedBy": null,
"mergeCommit": null,
"closedAt": "2024-05-01T17:09:48Z",
"mergedAt": "2024-05-01T17:09:48Z",
"mergedBy": "aaronpk",
"mergeCommit": {
"oid": "c97fa1fa473205e22a219b509533ddf688404a3a"
},
"comments": [],
"reviews": []
}
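Review bot: `authorAssociation` for duncanwd on PR #50 is overwritten from `NONE` to `CONTRIBUTOR` in the same update that records the merge, so the archive keeps only the author's current standing, not the standing when the PR was opened on 2024-04-17. If the archive is meant to support later review of who contributed under which association, consider keeping the original value alongside the current one, or documenting that the field reflects the state as of the top-level `timestamp`.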