You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As we did not specify the protocol (it was misconfigured since the first ever deployment 5 years ago), we were hit with downtime as users were not able to login and needed the debug the issue.
Suggestion
As https is the de facto standard for all authentication matters, in the absence of specified protocol, I will recommend the library to default to https and log an error or warning that the https should be specified.
Alternatively, throw an error if protocol is not specified.
The text was updated successfully, but these errors were encountered:
Context
We were using Auth0 and this library to handle OIDC login. Recently Auth0 rolled a change that prevent apps from calling them via plaintext (see https://community.auth0.com/t/action-required-always-use-https-for-communication-with-auth0/145203)
As we did not specify the protocol (it was misconfigured since the first ever deployment 5 years ago), we were hit with downtime as users were not able to login and needed the debug the issue.
Suggestion
As
httpsis the de facto standard for all authentication matters, in the absence of specified protocol, I will recommend the library to default tohttpsand log an error or warning that the https should be specified.Alternatively, throw an error if protocol is not specified.
The text was updated successfully, but these errors were encountered: