Issue 176: Protect Provider accounts from replay attacks at other 1.0 RPs
Add feature in OP-side of the OpenID library to never use shared associations with RP 1.0 clients when sending assertions, thereby forcing them to send a check_auth message, allowing the OP to check for replay attacks.
Mar 05, 2009
Added OpenID Provider downlevel protection for 1.x Relying Parties and turning it on by default. master c282f35b8cca
Status: Fixed
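A minimal sketch of the protection requested in this issue, as an added example that is not the library's own code: the OP refuses to sign with a shared association when the RP speaks 1.x, so the RP has to call back with check_auth, where the OP can reject a second verification. The class and method names, the simplified signing input, and the use of a single-use private handle as the replay check are assumptions.

```python
import hashlib
import hmac
import secrets


class Provider:
    """Toy OP; names and the simplified signing input are assumptions."""

    SIGNED = ("identity", "return_to")

    def __init__(self):
        self.shared = {}   # handle -> MAC key negotiated with an RP (associate)
        self.private = {}  # handle -> MAC key known only to the OP, single use

    def associate(self):
        handle = "shared-" + secrets.token_hex(8)
        self.shared[handle] = secrets.token_bytes(20)
        return handle

    def _sign(self, key, msg):
        data = "".join(f"{k}:{msg.get(k, '')}\n" for k in self.SIGNED).encode()
        return hmac.new(key, data, hashlib.sha1).hexdigest()

    def assert_identity(self, identity, return_to, rp_handle, rp_is_v1):
        msg = {"identity": identity, "return_to": return_to}
        if rp_handle in self.shared and not rp_is_v1:
            handle, key = rp_handle, self.shared[rp_handle]
        else:
            # Downlevel protection: never sign with a 1.x RP's shared
            # association, so the RP cannot verify the assertion locally.
            handle, key = "private-" + secrets.token_hex(8), secrets.token_bytes(20)
            self.private[handle] = key
        msg["assoc_handle"] = handle
        msg["sig"] = self._sign(key, msg)
        return msg

    def check_authentication(self, msg):
        # pop() consumes the handle: a replayed assertion finds no key.
        key = self.private.pop(msg.get("assoc_handle"), None)
        if key is None:
            return False
        return hmac.compare_digest(self._sign(key, msg), msg.get("sig", ""))


def demo():
    """Constructed values: a 1.x RP holding a shared association, then a replay."""
    op = Provider()
    a = op.assert_identity("https://user.example/", "https://rp.example/return",
                           op.associate(), rp_is_v1=True)
    return op.check_authentication(a), op.check_authentication(a)
```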