realStandal/redwoodjs-dbauth-oauth

RedwoodJS: OAuth integration with dbAuth

This repository houses a set of OAuth integrations for RedwoodJS' dbAuth:

3rd-Party Identity Provider Integration

Support for the following OAuth-compatible platforms (identity providers) can be found in this repository:

CSRF Prevention

All requests to a 3rd-party identity provider make use of the OAuth-standard state parameter to mitigate CSRF attacks. This value is generated at the start of each OAuth request, and is stored using the browser's SessionStorage interface.

When the user is redirected back after authorizing the OAuth request, the returned `state` value is compared with the one in storage. If the two match, the request is allowed and the user is authenticated. If they do not match, the request is discarded, the user is notified of the possible attack, and the user is not authenticated.

This mitigation takes place entirely on the client. The web-side generates a random value, adds it to the OAuth request, stores the value, and performs response-matching without contacting the API.