Skip to content
Snippets Groups Projects
Commit d658c24e authored by Rui Yang's avatar Rui Yang Committed by CI Bot
Browse files

add dex config flag for enabling client secret encryption 


* if enabled, it will make sure client secret is bcrypted correctly
* if not, it falls back to old behaviour that allowing empty client
secret and comparing plain text, though now it will do
ConstantTimeCompare to avoid a timing attack.

So in either way it should provide more secure of client secret
verification.

Co-authored-by: default avatarAlex Surraci <suraci.alex@gmail.com>
Signed-off-by: default avatarRui Yang <ruiya@vmware.com>
parent ec6f3a2f
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment