oidc

Asking about this since the NSA recently published guidance advising the public and private sectors to transition to cryptographic algorithms that are no less than sha384 & ec384 (elliptic curves).

While Edwards' Curves are different, its worth noting that prior to this update sha256 & secp256k1 were both on the list of acceptable cryptographic algorithms. My deduction was that 128-bit securit

Describe the bug

Our favicon is missing when opening the welcome page on chrome / macos (see additional details)

Version

<=latest

Expected behavior

Favicon is shown

Actual behavior

Favicon is missing on the welcome page. It shows up when opening other pages like login / admin ui, though.

How to Reproduce?

e.g.
kc.sh start-dev -> navigate to localhost:8080 -> see

In vercel/next.js#34316 (comment) I concluded that getInitialProps really does not play well with our auth model. There are simply much better solutions for this now.

We should discourage the usage of it entirely.

https://next-auth.js.org/tutorials/securing-pages-and-api-routes should be updated to also mention [Middleware support](https://next-auth.

Describe the bug
If the environment (in my case the stage environment) is not setup as a a secure origin the library break up cause of the crypto library is not in window object

To Reproduce
Steps to reproduce the behavior:

1. A server work on http that is setup as 'insecure origin'
2. Start the login sequence

Expected behavior
Warning on library loading that check secure or

Describe the issue:
The links not show hover states on hover on the getting started page.

How to reproduce:

1. Navigate to getting started page
2. hover over any link

Expected behavior:
Should indicate hover state for links

Our docs use cert-manager on GKE. It would be good to migrate them to use GKE workload identity so that the cluster does not need direct access to the GCP SA creds.