Comments (4)
I don't think this makes a lot of sense. 2FA is usually well supported in all major languages and it's much easier to use language-level api than network level-api.
from hydra.
For time-based OTP, isn't this really a responsibility of the challenge app?
Or are you planning on storing a number of per-subject keys/secrets in the DB these can be generated against because you want to be the source-of-truth for all things secure (apart from the subject's password)?
from hydra.
Yes, it's definitely the challenge app's responsibility. But I think that Hydra can take a supportive role in that regard and offer simple APIs to solve these sort of issues.
Am 12.09.2016 um 07:37 schrieb Wayne Robinson [email protected]:
For time-based OTP, isn't this really a responsibility of the challenge app?
Or are you planning on storing a number of per-subject keys/secrets in the DB these can be generated against because you want to be the source-of-truth for all things secure (apart from the subject's password)?
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub #69 (comment), or mute the thread https://github.com/notifications/unsubscribe-auth/ADN1ellmtVu4oCCxhyyIKNT1ZhQ7utUiks5qpOUAgaJpZM4IWUYM.
from hydra.
Moved to unplanned because not a priority and questionable benefit.
from hydra.
Related Issues (20)
- Expired Login/Consent Challenge Should be Resolvable for Consent App
- Hydra 1.11.10 and mysql 5.7.30 - Too much connection stuck mysql database HOT 4
- feat: Allow POST method to send large login_challenge/consent_challenge to login/consent pages
- deployment.environment key is received empty from hydra in opentelemetry collector
- janitor is not cleaning up the expired access_tokens generated using client_credentials flow HOT 3
- updated_at not using Unix timestamp (in seconds) but in milliseconds HOT 1
- Pagination is wrong when listing consent session on Ory/Hydra
- Why are logout URLs compared to redirect URLs?
- Hydra 2 does not send CORS headers in response to OPTIONS preflight request HOT 6
- Support Negative Selection for List OAuth2 Clients API
- Support for Azure Cosmos DB as the database for Ory/Hydra HOT 1
- Token introspection can respond `{"active": false}` for a valid token when losing DB connection HOT 1
- Issue with logout when using id token hint in ory Hydra (2.x)
- Seq scan for janitor login/consent flows cleanup SQL query
- Hydra is consuming a lot of memory in prod HOT 1
- Incorrect Handling of Scopes with Special Character "|" in scp Claim HOT 2
- /.well-known/jwks.json is not registered with IANA, violating a MUST in RFC 5785 HOT 5
- Make OP-initiated logout stateless HOT 1
- Delete individual consent sessions via API
- Serve prometheus metrics from a dedicated port
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hydra.