Google OAuth2 plugin
Motivation
Lots of users are reporting problems with Google OAuth2 callback requests, as its `scope` argument usually contains the string `.profile`, which is triggering rule 930120. We already proposed a solution for this (see PRs #1958 and #2222) but I don't think that our core ruleset should contain bypasses for specific software and services.
Proposed solution
I suggest reworking this into an official plugin, which will contain 3 rules:
- current rule 930050
- new rule 930051 from #2222
- and, finally, rule similar to this:
SecRule TX:GOOGLE_OAUTH2_CALLBACK_DETECTED "@eq 1" \
"id:930052,\
phase:2,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=930120;ARGS:scope"
Prototype of this plugin is ready.
Issue Analytics
- State:
- Created 2 years ago
- Comments:8 (8 by maintainers)
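An added example, not part of the issue or of the plugin's code: a small Python model of what the target-scoped exclusion in the proposed rule 930052 does. It shows that removing only `ARGS:scope` from rule 930120 silences the `.profile` false positive while every other argument on the same request stays inspected. The phrase list, the sample URLs and the `callback_detected` parameter are constructed assumptions; in the proposal the flag is `TX:GOOGLE_OAUTH2_CALLBACK_DETECTED`, set by the other plugin rules.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed stand-in for the phrase list behind rule 930120. Only ".profile"
# comes from the issue text; the second entry is illustrative.
OS_FILE_PHRASES = (".profile", ".bash_history")

def rule_930120(args, excluded_targets=frozenset()):
    """Return the names of arguments whose value contains a listed phrase."""
    return [name for name, value in args
            if name not in excluded_targets
            and any(p in value.lower() for p in OS_FILE_PHRASES)]

def inspect(url, callback_detected):
    """Model of ctl:ruleRemoveTargetById=930120;ARGS:scope.

    callback_detected stands for TX:GOOGLE_OAUTH2_CALLBACK_DETECTED; how the
    plugin sets it is not shown in the issue, so it is an input here.
    Only query-string arguments are modelled.
    """
    args = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    excluded = frozenset({"scope"}) if callback_detected else frozenset()
    return rule_930120(args, excluded)

# Constructed sample requests (hypothetical host and parameter values).
CALLBACK = ("https://app.example/oauth2/callback?code=constructed-code"
            "&scope=email+profile+https://www.googleapis.com/auth/userinfo.profile+openid")
EXTRA_ARG = CALLBACK + "&file=/home/user/.profile"

if __name__ == "__main__":
    print(inspect(CALLBACK, False))   # scope is flagged: the false positive
    print(inspect(CALLBACK, True))    # exclusion active: nothing flagged
    print(inspect(EXTRA_ARG, True))   # other arguments are still inspected
```

The same check is worth running against a real deployment: with the exclusion active, a request that carries a matching value outside `scope` should still produce a 930120 hit in the audit log.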
Top GitHub Comments
Plugin is ready: https://github.com/coreruleset/google-oauth2-plugin. Closing!
Ready for review!