From 8071081e28e0bdb2484740b5209a60f619b6ce27 Mon Sep 17 00:00:00 2001 From: ID Bot Date: Thu, 2 May 2024 00:05:03 +0000 Subject: [PATCH] Script updating archive at 2024-05-02T00:05:03Z. [ci skip] --- archive.json | 71 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 29 deletions(-) diff --git a/archive.json b/archive.json index 756bc7e..3d04dda 100644 --- a/archive.json +++ b/archive.json @@ -1,6 +1,6 @@ { "magic": "E!vIA5L86J2I", - "timestamp": "2024-04-30T00:04:18.722610+00:00", + "timestamp": "2024-05-02T00:04:59.834830+00:00", "repo": "oauth-wg/oauth-browser-based-apps", "labels": [ { @@ -518,15 +518,15 @@ "id": "I_kwDOCUe3lM6DYZrC", "title": "Properly render sublists", "url": "https://github.com/oauth-wg/oauth-browser-based-apps/issues/43", - "state": "OPEN", + "state": "CLOSED", "author": "philippederyck", "authorAssociation": "CONTRIBUTOR", "assignees": [], "labels": [], "body": "Section 5.1.2 contains a sublist, but it is not rendered properly\r\n\r\n```\r\n### Persistent Token Theft {#payload-persistent-theft}\r\n\r\nThis attack scenario is a more advanced variation on the Single-Execution Token Theft scenario ({{payload-single-theft}}). Instead of immediately stealing tokens upon the execution of the malicious payload, the attacker sets up the necessary handlers to steal the application's tokens on a continuous basis. This scenario consists of the following steps:\r\n\r\n- Execute malicious JS code\r\n- Setup a continuous token theft mechanism (e.g., on a 10-second time interval)\r\n\t - Obtain tokens from the application's preferred storage mechanism (See {{token-storage}})\r\n\t - Send the tokens to a server controlled by the attacker\r\n\t - Store the tokens\r\n- Wait until the opportune moment to abuse the latest version of the stolen tokens\r\n\r\nThe crucial difference in this scenario is that the attacker always has access to the latest tokens used by the application. This slight variation in the payload already suffices to counter typical defenses against token theft, such as short lifetimes or refresh token rotation.\r\n\r\nFor access tokens, the attacker now obtains the latest acce\r\n```", "createdAt": "2024-03-24T06:54:28Z", - "updatedAt": "2024-04-11T16:03:07Z", - "closedAt": null, + "updatedAt": "2024-05-01T17:10:56Z", + "closedAt": "2024-05-01T17:10:56Z", "comments": [ { "author": "philippederyck", @@ -534,6 +534,13 @@ "body": "@aaronpk I don't know where to find an updated draft from #45, so I cannot check if this now renders correctly. It should though ...", "createdAt": "2024-04-11T05:09:12Z", "updatedAt": "2024-04-11T16:03:07Z" + }, + { + "author": "aaronpk", + "authorAssociation": "MEMBER", + "body": "Yep looks good now \r\n\"image\"\r\n", + "createdAt": "2024-05-01T17:10:56Z", + "updatedAt": "2024-05-01T17:10:56Z" } ] }, @@ -582,15 +589,15 @@ "id": "I_kwDOCUe3lM6FX1eA", "title": "Draw diagrams with tools instead of raw ASCII", "url": "https://github.com/oauth-wg/oauth-browser-based-apps/issues/49", - "state": "OPEN", + "state": "CLOSED", "author": "philippederyck", "authorAssociation": "CONTRIBUTOR", "assignees": [], "labels": [], "body": "Use `aasvg` or similar tooling instead of plain ASCII for diagrams", "createdAt": "2024-04-11T12:30:34Z", - "updatedAt": "2024-04-11T12:30:34Z", - "closedAt": null, + "updatedAt": "2024-05-01T17:09:49Z", + "closedAt": "2024-05-01T17:09:49Z", "comments": [] } ], @@ -2887,24 +2894,26 @@ "id": "PR_kwDOCUe3lM5qlIv5", "title": "Processed review from Justin Richer", "url": "https://github.com/oauth-wg/oauth-browser-based-apps/pull/45", - "state": "OPEN", + "state": "MERGED", "author": "philippederyck", "authorAssociation": "CONTRIBUTOR", "assignees": [], "labels": [], "body": "", "createdAt": "2024-03-24T09:40:52Z", - "updatedAt": "2024-04-11T16:03:48Z", + "updatedAt": "2024-05-01T17:03:17Z", "baseRepository": "oauth-wg/oauth-browser-based-apps", "baseRefName": "main", "baseRefOid": "741f8820be57a2a29c60d7713b5655031279a04a", "headRepository": "philippederyck/OAUTHWG-oauth-browser-based-apps", "headRefName": "pdr/review-justin-richer", "headRefOid": "5cbdc2233c68a482fa8b48240b1724076ca2766d", - "closedAt": null, - "mergedAt": null, - "mergedBy": null, - "mergeCommit": null, + "closedAt": "2024-05-01T17:03:16Z", + "mergedAt": "2024-05-01T17:03:16Z", + "mergedBy": "aaronpk", + "mergeCommit": { + "oid": "6b9d710c032187891f9153ea7972562ebd10bf3e" + }, "comments": [ { "author": "philippederyck", @@ -3362,21 +3371,21 @@ "id": "PR_kwDOCUe3lM5qtWCN", "title": "Feedback", "url": "https://github.com/oauth-wg/oauth-browser-based-apps/pull/46", - "state": "OPEN", + "state": "CLOSED", "author": "0xandybarlow", "authorAssociation": "NONE", "assignees": [], "labels": [], "body": "Overall the spec reads very well, I didn't have trouble following.\r\n\r\nI did spot a missing word perhaps? And also I was curious if there was a better way to describe the intent behind \"Authenticated Encryption with Authenticated Data\" statements - cipher? suite? algorithm? I couldn't decide on a better way - feel free to reject!\r\n\r\nGreat work!", "createdAt": "2024-03-25T20:53:57Z", - "updatedAt": "2024-04-11T05:32:17Z", + "updatedAt": "2024-05-01T17:03:39Z", "baseRepository": "oauth-wg/oauth-browser-based-apps", "baseRefName": "main", "baseRefOid": "741f8820be57a2a29c60d7713b5655031279a04a", "headRepository": "0xandybarlow/oauth-browser-based-apps", "headRefName": "andy-review", "headRefOid": "d0fab5e707a6db95df3c3bb39ee94cef5cbdff5c", - "closedAt": null, + "closedAt": "2024-05-01T17:03:39Z", "mergedAt": null, "mergedBy": null, "mergeCommit": null, @@ -3396,24 +3405,26 @@ "id": "PR_kwDOCUe3lM5sUXqE", "title": "Reworded the benefits of the Token Mediating Backend", "url": "https://github.com/oauth-wg/oauth-browser-based-apps/pull/47", - "state": "OPEN", + "state": "MERGED", "author": "philippederyck", "authorAssociation": "CONTRIBUTOR", "assignees": [], "labels": [], "body": "This PR offers an alternative to #40. Compared to PR #40 it makes two changes:\r\n\r\n1. I removed the newly added text to avoid creating confusion between the responsibilities of a BFF. While it is technically possible to deploy a BFF as part of an API gateway, I believe this suggestion may create confusion for someone trying to grasp the pattern. An API Gateway is closely linked to an API, while a BFF is (in theory) closely linked to a frontend.\r\n\r\n2. Reworded the benefits of the Token Mediating Backend to more accurately represent the advantages/disadvantages of the pattern, as correctly suggested by this PR\r\n\r\nIf this PR is merged, #40 can be closed.", "createdAt": "2024-04-11T05:26:47Z", - "updatedAt": "2024-04-13T14:59:04Z", + "updatedAt": "2024-05-01T17:04:26Z", "baseRepository": "oauth-wg/oauth-browser-based-apps", "baseRefName": "main", "baseRefOid": "741f8820be57a2a29c60d7713b5655031279a04a", "headRepository": "philippederyck/OAUTHWG-oauth-browser-based-apps", "headRefName": "pdr/alternative-for-pr-40", "headRefOid": "dd09298cd5912df1a99266ed1e96f474d3b3da8c", - "closedAt": null, - "mergedAt": null, - "mergedBy": null, - "mergeCommit": null, + "closedAt": "2024-05-01T17:04:26Z", + "mergedAt": "2024-05-01T17:04:26Z", + "mergedBy": "aaronpk", + "mergeCommit": { + "oid": "84e0a8519fed6485a4b728a40bad13adf8e79eb2" + }, "comments": [], "reviews": [ { @@ -3436,24 +3447,26 @@ "id": "PR_kwDOCUe3lM5s3NBN", "title": "feat: narrowing ascii-art and adding svg support", "url": "https://github.com/oauth-wg/oauth-browser-based-apps/pull/50", - "state": "OPEN", + "state": "MERGED", "author": "duncanwd", - "authorAssociation": "NONE", + "authorAssociation": "CONTRIBUTOR", "assignees": [], "labels": [], "body": "Resolves #49\r\n\r\n1. Narrows the existing ASCII diagrams to 72 characters for better plain-text layout.\r\n2. Extracts the narrowed ASCII art into separate files.\r\n3. Modifies the markdown to invoke aasvg for automated SVG generation and inclusion in the HTML version\r\n\r\n**Note:** The aasvg npm package must be installed for the Makefile to function correctly. See the instructions link at the bottom of the main README.md for the install procedure.\r\n\r\nPlease check for errors in the modified ASCII diagrams, figure labels, and figure titles.", "createdAt": "2024-04-17T01:43:57Z", - "updatedAt": "2024-04-17T15:18:01Z", + "updatedAt": "2024-05-01T17:09:49Z", "baseRepository": "oauth-wg/oauth-browser-based-apps", "baseRefName": "main", "baseRefOid": "741f8820be57a2a29c60d7713b5655031279a04a", "headRepository": "duncanwd/oauth-browser-based-apps", "headRefName": "feature/artwork", "headRefOid": "ab3750d2d0592b55fdc506bee9b1e84af2d422a3", - "closedAt": null, - "mergedAt": null, - "mergedBy": null, - "mergeCommit": null, + "closedAt": "2024-05-01T17:09:48Z", + "mergedAt": "2024-05-01T17:09:48Z", + "mergedBy": "aaronpk", + "mergeCommit": { + "oid": "c97fa1fa473205e22a219b509533ddf688404a3a" + }, "comments": [], "reviews": [] }