oauth2
Here are 3,407 public repositories matching this topic...
Should mention CORS
It looks like most of the advice from the OWASP REST Cheat Sheet is discussed in this API-Security-Checklist, but OWASP talks about the importance of CORS, which is not mentioned at all in this API-Security-Checklist. Probably good to make mention. Also, the OWASP REST Cheat Sheet provides a bit more guidance regarding validation that might be good to incorporate.
Updated Jul 4, 2020 - Java
Is your feature request related to a problem? Please describe.
When querying the Clients/Consent Sessions using pagination, ORY Hydra will only return results with some links, but not the total count of the items, which is useful to display in the frontend, you know, showing the total pages or something.
Describe the solution you'd like
Add the total_count parameter into Hea
Updated Jul 1, 2020 - Java
Updated Jul 13, 2020 - Java
I use IdentityServer (v2.5.3) and recently went from code-defined clients to appSettings-defined (see http://docs.identityserver.io/en/3.1.0/topics/clients.html)
In the process I made the mistake of translating AllowedGrantTypes = GrantTypes.ClientCredentials into "AllowedGrantTypes": [ "ClientCredentials" ] when the correct value is "client_credentials".
I noticed that:
- The error
So I'm extremely confused about what I should use when instantiating AuthorizationServer object.
So the documentation directs people to generate public and private keys and then literally says:
The authorization server also requires the public key.
But then this commit removes the public key from the AuthorizationServer code:
[76
The links on the FAQ page in the wiki still point to the old wiki, which seems to be deprecated.
Updated Jun 25, 2020 - Java
Updated Jun 26, 2020 - Ruby
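Problem description
When logging in from the front-end project, a 500 error is reported.
Cause analysis
This is because the feign call to fetch the user times out, and the fallback (degradation) code is then executed.
Essentially, the feign request times out.
In this project, feign requests time out.
Moreover, a simple demo I wrote myself ( https://gitee.com/52itstyle/Spring-Cloud-Alibaba.git ), specifically for testing nacos and feign, also times out, with exactly the same error.
So it is probably not caused by this project but by my computer (a Mac): anything using nacos and feign times out.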
2020-02-24 20:58:21.938 ERROR [authorization-server,b6ed6d23d9efe8e5,b6ed6d23d9efe8e5,true] 20465 --- [nio-8000-exec-1]
Dear Guillaume,
There is a tiny error in your documentation here: http://gmvault.org/in_depth.html
This line:
You can renew a saved oauth token with the option --renew-oauth-tok
should read:
You can renew a saved oauth token with the option --renew-oauth2-tok
The 2 is missing. The missing 2 causes an error when a user tries to renew the Oauth token. Would be great if you co
Recently Slack updated its scopes, and the last step of the migration states:
"Change your app’s authentication URL to look like this: https://slack.com/oauth/v2/authorize?client_id=XXX"
This URL has changed, and it seems that new Slack apps cannot use this library.
Documentation page: https://api.slack.com/authentication/oauth-v2
Updated May 17, 2020 - Java
I have developed a server using league/oauth2-server which successfully returns access tokens and resources when issuing the appropriate cURL commands.
I cannot, however, develop a functional client using the client credentials grant and I know that a lot of users of this package experience the same problem. I have asked the question on github, but I think the issue is the result of missing cod
I pulled all my hair and my face is bloody and I have no clue what I'm doing.
Can someone point me in a direction? I've searched Google, Github and Stackoverflow without help.
https://steamcommunity.com/dev
https://steamcommunity.com/openid
I'm using Strapi so I can't take any shortcuts by using something else... :(
Updated Jul 11, 2020 - Swift
Currently when I'm either downloading from sources or importing files, very little output is written to the screen. I'd love it if I can see some kind of progress being made or some kind of logging information being printed. Even if I have to add a flag to get it.
Add flags to readme
If not for some particular exceptions, the status code returned from our WebAPI on error is always 500, regardless of the kind of error.
If an object already exists, for example, it should be returned as 409. If the object does not pass the schema validation, it should be a 415.
Go through the whole WebAPI and verify that the status codes are being returned correctly.
Hint: Error cl
Describe the feature
Ideally the documentation should mention all the datastore models required by the OpenID Connect flows. The current documentation has this section for OAuth2.0 (https://oauthlib.readthedocs.io/en/latest/oauth2/server.html#create-your-datastore-models) but it is missing for OIDC.
There are a couple issues open right now that suggest a general restructuring of GAM code, which I agree would be good. However, one simple fix that would help both with code structure and readability of contributed code is a style guide that could be enforced during PR review.
The main file is over 13k lines, at this point, and lacks a consistent style and structure throughout, making it diff
The documentation from jazzband/django-oauth-toolkit@566fe67 is super confusing, because it refers to the setting as OAUTH2_PROVIDER_APPLICATION_MODEL but later refers to it as APPLICATION_MODEL.
Are these two settings? Is it one setting, and - if so - which name is it? I think that it's intended to be a single setting called `APPLICA
It’s not part of the OAuth spec but in particular we should call out that it takes a JSON body in the template.
Updated Jul 13, 2020 - Java
authlib contains pretty much all you need to implement JWT token validation. It would be nice if there was a simple default one provided. I'm not sure how many moving parts it would have. If no single validator would cover 80% of cases, maybe provide more docs on how to assemble one.
@lepture If you have a general idea of how you would like to see this implemented I would probably be able to do
When I'm using aws-amplify && react-native-google-signin I'm getting every time: Invalid login token. Not a valid OpenId Connect identity token.
Example of my code:
GoogleSignin.configure({ webClientId: '**************', });
signUpViaGoogle = async () => {
try {
const userInfo = await GoogleSignin.signInSilently();
await GoogleSignin.getT
Updated Jul 13, 2020 - Groovy
I suggest adding a few example usages of loginsrv as a Standalone microservice on the main page.
I think these should be added:
- Basics (help being available with loginsrv -help)
- HTTPd (Apache)
- NGINX
- Caddy 1
- Caddy 2
Updated May 17, 2020 - Go
We have some documentation about using IBM Watson: https://github.com/sahat/hackathon-starter#ibm-watson
It would be great if we have one or more working API examples using Watson or ML/AI APIs that are provided by other companies such as Microsoft or AWS.