feat: binding semantics hardening #299
Open
brendanjryan wants to merge 1 commit into brendan/verified-context-api from
Replace partial scope check (method/intent/realm + 6 selected request fields) with full stable challenge scope comparison: method, intent, realm, full canonical request, and opaque. Closes gap where credentials differing only in non-binding request fields or opaque could pass scope verification. Expires remains a separate freshness check; digest binding deferred to PR 3.
Replaces partial scope check (6 hardcoded fields) with full canonical request+opaque comparison via getChallengeScopeMismatch(). Strengthens compose() dispatch to match. Removes ~75 lines of dead normalization code.

Stack: #298 → #299
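
The gap described in the commit message and PR description, as an added example (not code from this pull request): a partial check over selected request fields next to a full comparison of the canonical request and opaque. The function names, the selected-field list, the sorted-key canonical form and the sample challenge are all assumptions made for illustration.

```javascript
// Added illustration: every name, field list and value here is hypothetical.
// ASSUMPTION: canonical form = JSON with object keys sorted recursively.
function canonicalize(value) {
  if (Array.isArray(value)) return `[${value.map(canonicalize).join(",")}]`;
  if (value !== null && typeof value === "object") {
    const body = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalize(value[k])}`);
    return `{${body.join(",")}}`;
  }
  return JSON.stringify(value ?? null); // missing values compare as null
}

// ASSUMPTION: constructed stand-in for a partial check's "selected" fields.
const SELECTED_FIELDS = ["amount", "currency", "recipient"];
const TOP_LEVEL = ["method", "intent", "realm"];

// Partial check: top-level fields plus a fixed subset of request fields.
function partialScopeMismatch(expected, echoed) {
  for (const k of TOP_LEVEL) if (expected[k] !== echoed[k]) return k;
  for (const f of SELECTED_FIELDS) {
    const a = canonicalize(expected.request?.[f]);
    const b = canonicalize(echoed.request?.[f]);
    if (a !== b) return `request.${f}`;
  }
  return null;
}

// Full check: top-level fields, the whole canonical request, and opaque.
// `expires` is excluded on purpose: it is a freshness check, not scope.
function fullScopeMismatch(expected, echoed) {
  for (const k of TOP_LEVEL) if (expected[k] !== echoed[k]) return k;
  if (canonicalize(expected.request) !== canonicalize(echoed.request)) return "request";
  if (canonicalize(expected.opaque) !== canonicalize(echoed.opaque)) return "opaque";
  return null;
}

// Constructed sample challenge and three echoed variants.
const issued = {
  method: "examplepay", intent: "charge", realm: "api.example.test",
  request: { amount: "100", currency: "usd", recipient: "acct_1", memo: "order-1" },
  opaque: { session: "s1" },
  expires: "2030-01-01T00:00:00Z",
};
const reordered = { ...issued,
  request: { memo: "order-1", recipient: "acct_1", currency: "usd", amount: "100" } };
const memoChanged = { ...issued, request: { ...issued.request, memo: "order-2" } };
const opaqueChanged = { ...issued, opaque: { session: "s2" } };
```

Both functions return `null` on a match and the name of the first mismatching part otherwise, so a verifier can log which part of the scope diverged.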