This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Is it possible to filter allowed chars in request body, query params.For
many of our API endpoints, the input is echoed unmodified in the
application's response. Using this behavior, someone can send arbitrary
Javascript in the request which will be ...
I'm using the OAuthV2 policy to store, retrieve and update custom
attributes attached to the access token. Specifically, one of these
attributes is a csrf_token in the form of uuid.The GenerateAccessToken
policy looks like below -
GenerateAccessToke...
I have a JWT with custom claims that looks like this - { "iss":
"https://example.com/", "sub": "auth0|12345", "aud": [
"auth.example.com" ], "iat": 1646403704, "exp": 1646490104, "azp":
"dfslfjsdfjdsofdsfsd", "scope": "openid profile email offline_ac...
I have a Javascript attached in a shared flow that always returns an
error when calling the proxy where the shared flow is attached.In fact,
it doesn't matter what I put in the JS file, I always get the following
error in the Trace when the Javascrip...
I'm trying to define a route rule where request is sent to a certain
target only for certain client_ids. I don't want to hard-code these
client ids in the proxy but instead get them from KVM. I will keep them
in KVM as a comma-separated list.In my Ro...
Thank you @dchiesa1 . That works for now.Once the requested feature is
available, it would be good go get everything we need from the Verify
JWT policy itself.
I would just store the variable in KVM and create this in each
environment where this is required.This has the advantage of being able
to update it anytime without having to re-deploy the proxy.