dshoreman / servidor

A modern web application for managing servers

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Don't proxy OAuth Tokens

dshoreman opened this issue · comments

In our Auth\LoginController we proxy from /login to /oauth/token so that a global Client ID and Secret can be injected without exposing them on the frontend.

This really needs to be fixed. One potential method would be using Passport's Code Grant with PKCE, but it may be easier to use Sanctum with its cookie-based SPA Authentication instead.

ezoic increase your site revenue