
Sensitive Information Disclosure finding for .well-known/jwks and .well-known/openid-configuration #8421


iteabr2020 created
  • ABP Framework version: v7.3.3
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): No
  • Exception message and full stack trace:
  • Steps to reproduce the issue: Deploy and start the application. The jwks and openid-configuration files are being exposed. How can we disable these files from being exposed to the public?

1 Answer(s)
    maliming created
    Support Team Fullstack Developer

    hi

    This is the public information of the OAuth2 server. They don't contain any sensitive data. https://datatracker.ietf.org/doc/html/rfc8414#section-3

    The RSA public key is not sensitive.

    See

    https://accounts.google.com/.well-known/openid-configuration
    https://account.apple.com/.well-known/openid-configuration
    https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
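The following is an added example, not code from ABP, OpenIddict or the answer above. It shows concretely why the answer holds: a JWKS document carries only the public half of an RSA signing key (`n` and `e`), which a relying party uses to verify tokens and which gives nobody the ability to sign one. It also contains the check a practitioner would run before accepting a scanner's "sensitive information disclosure" finding: confirm that none of the RFC 7518 private-key members (`d`, `p`, `q`, `dp`, `dq`, `qi`, `oth`) or a symmetric `k` appear in the published document. The program uses only the Go standard library; the key id `demo-kid`, the claims `{"sub":"alice"}` and the leaking JWKS in the test are constructed for the demonstration, and an RS256 key is assumed because that is the common case for an OIDC server.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

var b64 = base64.RawURLEncoding

// RFC 7518 RSA private-key members (plus "k", the symmetric-key member); none belong in a published JWKS.
var privateMembers = []string{"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

// buildJWKS serialises an RSA public key as an OIDC server publishes it at /.well-known/jwks: n and e only.
func buildJWKS(pub *rsa.PublicKey, kid string) []byte {
	key := map[string]string{"kty": "RSA", "kid": kid, "use": "sig", "alg": "RS256",
		"n": b64.EncodeToString(pub.N.Bytes()), "e": b64.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}
	doc, _ := json.Marshal(map[string][]map[string]string{"keys": {key}})
	return doc
}

func parseJWKS(raw []byte) ([]map[string]any, error) {
	var doc struct {
		Keys []map[string]any `json:"keys"`
	}
	err := json.Unmarshal(raw, &doc)
	return doc.Keys, err
}

// checkNoPrivateMembers reports the first key carrying a private member.
// Run it on the live endpoint's response before escalating a scanner finding.
func checkNoPrivateMembers(keys []map[string]any) error {
	for i, k := range keys {
		for _, m := range privateMembers {
			if _, leaked := k[m]; leaked {
				return fmt.Errorf("key %d exposes private member %q", i, m)
			}
		}
	}
	return nil
}

// publicKeyFromJWK rebuilds an RSA public key from one JWK entry, as a relying party does.
func publicKeyFromJWK(k map[string]any) (*rsa.PublicKey, error) {
	n, _ := k["n"].(string)
	e, _ := k["e"].(string)
	nb, errN := b64.DecodeString(n)
	eb, errE := b64.DecodeString(e)
	if k["kty"] != "RSA" || errN != nil || errE != nil {
		return nil, fmt.Errorf("not a well-formed RSA jwk")
	}
	return &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}, nil
}

// verifyRS256 checks a JWS signing input (header.payload) against its signature: all anyone can do with the public key.
func verifyRS256(pub *rsa.PublicKey, signingInput, sigB64 string) error {
	sig, err := b64.DecodeString(sigB64)
	if err != nil {
		return err
	}
	h := sha256.Sum256([]byte(signingInput))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

// roundTrip publishes a fresh key as JWKS, checks it for leaked members, signs a constructed token with
// the private key and verifies it with the published key only; a tampered payload must be rejected.
func roundTrip() error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	keys, err := parseJWKS(buildJWKS(&priv.PublicKey, "demo-kid")) // hypothetical kid
	if err != nil {
		return err
	}
	if err := checkNoPrivateMembers(keys); err != nil {
		return err
	}
	pub, err := publicKeyFromJWK(keys[0]) // a real RP selects the entry whose kid matches the token header
	if err != nil {
		return err
	}
	// Constructed header and claims; only the issuer, holding the private key, can produce the signature.
	input := b64.EncodeToString([]byte(`{"alg":"RS256","kid":"demo-kid"}`)) + "." + b64.EncodeToString([]byte(`{"sub":"alice"}`))
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return err
	}
	if err := verifyRS256(pub, input, b64.EncodeToString(sig)); err != nil {
		return fmt.Errorf("valid token rejected: %w", err)
	}
	if verifyRS256(pub, input+"x", b64.EncodeToString(sig)) == nil {
		return fmt.Errorf("tampered payload accepted")
	}
	return nil
}

func main() { fmt.Println("roundTrip error:", roundTrip()) }
```

To apply the check to a real deployment, fetch the discovery document, follow its `jwks_uri` (the member RFC 8414 defines for this purpose), and pass the response body to `parseJWKS` and `checkNoPrivateMembers`; a clean result means the endpoint publishes exactly what every relying party, including the application's own Angular client, needs to validate tokens, and nothing an attacker could use to forge them. The sensitive material is the private key in the server's signing certificate or key store, which these endpoints never serve.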

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09