Add security consideration section to integration tests #65
Comments
|
I love this idea. I'm going to outline the tests and push a new |
|
I created a This is going to take some time and I'm not sure how much of this is going to be testable without a client but I think it's a good goal. I'll continue to outline the tests and hopefully those will generate some good discussions. Thanks again for bringing this up @jankapunkt |
|
Actually some interesting stuff. Like the authorization code should not be used multiple times, but if it is then revoke all access tokens based on the authorization code. So some of these tests mean that we have to store some additional data, like a reference to the authorizationcode (code itself or e.g. a sha1 hash) in the access token) to be able to revoke all access tokens based on that authorization code in that case. |
We should add tests to fully cover section 10 - security considerations and cover as much as possible that can be covered without going into implementation details.
The text was updated successfully, but these errors were encountered: