Skip to content

DBP-29: don't encrypt cookies #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pan93412 merged 7 commits into from
Sep 15, 2025
Merged

DBP-29: don't encrypt cookies #14

pan93412 merged 7 commits into from
Sep 15, 2025

Conversation

@pan93412
Copy link
Member

@pan93412 pan93412 commented Sep 15, 2025

  • refactor: remove unused parameters
  • refactor: save OAuth Token in plaintext
  • chore: clean up dependencies
  • chore: update dependencies
  • style: reformat code
  • fix: runtime bugs

@pan93412
refactor: remove unused parameters
f9b9f50
@pan93412
refactor: save OAuth Token in plaintext
0cfb7d9 
Saving the token in plaintext may be unsafe, but it allows for usable impersonation.

The RFC Draft "OAuth 2.0 for Browser-Based Applications" [^1] does not require the token to be encrypted.

This approach may slightly reduce the CPU time for an edge request, but the difference should not be very noticeable.

[^1]: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps#section-6.1.3.2
@pan93412
chore: clean up dependencies
10b4b7c
@pan93412
chore: update dependencies
23f6908
@pan93412
style: reformat code
26ffff2
@pan93412
fix: runtime bugs
c0ae5c6
@pan93412 pan93412 self-assigned this Sep 15, 2025
@vercel
Copy link

vercel bot commented Sep 15, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
admin-frontend Ready Ready Preview Comment Sep 15, 2025 3:32am

@linear
Copy link

linear bot commented Sep 15, 2025

DBP-29 Don't encrypt cookie

@pan93412 pan93412 force-pushed the pan93412/dbp-29-dont-encrypt-cookie branch from 351c2a9 to 961a9a8 Compare September 15, 2025 03:30
@pan93412 pan93412 merged commit 6e141cc into main Sep 15, 2025
3 checks passed
@pan93412 pan93412 deleted the pan93412/dbp-29-dont-encrypt-cookie branch September 15, 2025 05:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@pan93412 pan93412

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pan93412