RandomValueStringGenerator default constructor creates a code of length six only. The RFC 6819 (OAuth 2.0 Threat Model and Security Considerations) suggests (5.1.4.2.2. Use High Entropy for Secrets) that secrets that aren't used by humans (e.g. client secrets or token handles) have a reasonable level of entropy. They propose a token length of at least 128 bits. Since the RandomValueStringGenerator only uses case sensitive alpha numeric symbols, 22 symbols are needed to achieve an entropy >=128 bits.
- openid-connect-client
- openid-connect-common
- openid-connect-server
- openid-connect-server-webapp
- uma-server
- uma-server-webapp
- .editorconfig
- .gitignore
- .travis.yml
- CHANGELOG.md
- LICENSE.txt
- README.md
- README_zh_CN.md
- checkstyle.xml
- pom.xml
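The entropy arithmetic from the commit message above, worked through as an added Java example (not code from MITREid Connect or Spring; the class and method names are hypothetical). It assumes every symbol is drawn uniformly and independently from the 62-character case-sensitive alphanumeric alphabet.

```java
import java.security.SecureRandom;

// Added example: TokenEntropy and its methods are hypothetical names,
// not part of the project's or Spring's API.
public class TokenEntropy {
    // Case-sensitive alphanumeric alphabet: 26 + 26 + 10 = 62 symbols.
    static final char[] ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();
    static final SecureRandom RNG = new SecureRandom();

    // Bits contributed by one uniformly chosen symbol: log2(alphabetSize).
    static double bitsPerSymbol(int alphabetSize) {
        return Math.log(alphabetSize) / Math.log(2);
    }

    // Total entropy of a token of the given length, assuming uniform symbols.
    static double entropyBits(int alphabetSize, int length) {
        return length * bitsPerSymbol(alphabetSize);
    }

    // Smallest token length whose entropy reaches targetBits.
    static int minLength(int alphabetSize, int targetBits) {
        if (alphabetSize < 2 || targetBits < 1) {
            throw new IllegalArgumentException("need alphabetSize >= 2 and targetBits >= 1");
        }
        return (int) Math.ceil(targetBits / bitsPerSymbol(alphabetSize));
    }

    // SecureRandom.nextInt(bound) is uniform over [0, bound), so each symbol
    // really carries log2(62) bits; a plain "byte % 62" mapping would not be uniform.
    static String generate(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET[RNG.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        int n = ALPHABET.length;
        int needed = minLength(n, 128);
        System.out.printf("length  6: %.1f bits%n", entropyBits(n, 6));
        System.out.printf("length 21: %.1f bits%n", entropyBits(n, 21));
        System.out.printf("length %d: %.1f bits%n", needed, entropyBits(n, needed));
        System.out.println("sample token: " + generate(needed));
    }
}
```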
README.md
MITREid Connect
This project contains a certified OpenID Connect reference implementation in Java on the Spring platform, including a functioning server library, deployable server package, client (RP) library, and general utility libraries. The server can be used as an OpenID Connect Identity Provider as well as a general-purpose OAuth 2.0 Authorization Server.
More information about the project can be found:
- The project homepage on GitHub (with related projects)
- Full documentation
- Documentation for the Maven project and Java API
- Issue tracker (for bug reports and support requests)
- The mailing list for the project can be found at mitreid-connect@mit.edu, with archives available online.
The authors and key contributors of the project include:
- Justin Richer
- Amanda Anganes
- Michael Jett
- Michael Walsh
- Steve Moore
- Mike Derryberry
- William Kim
- Mark Janssen
Copyright ©2017, MIT Internet Trust Consortium. Licensed under the Apache 2.0 license, for details see LICENSE.txt.