@silva-fj
Contributor

Summary

  • Removes OAuth2 verification data from storage immediately after retrieval
  • Ensures state/nonce values are single-use and prevents database bloat
@silva-fj silva-fj requested a review from a team October 21, 2025 12:36
@silva-fj silva-fj enabled auto-merge (squash) October 21, 2025 12:38
Collaborator

@BillyWooo BillyWooo left a comment

Let's hold it there.
Frontend team would prefer this nonce to exist for some time (like more than 5 minutes).

@silva-fj
Contributor Author

Let's hold it there. Frontend team would prefer this nonce to exist for some time (like more than 5 minutes).

The nonce is included in the ID token. The authorization code can be used only once, so if they try again, the verification will fail anyways.

@silva-fj silva-fj merged commit 09a32b4 into dev Oct 24, 2025
19 checks passed
@silva-fj silva-fj deleted the fix/remove-stored-oauth2-data-after-use branch October 24, 2025 14:41
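
The single-use behaviour discussed in this PR, as an added Python example that is not code from this repository: retrieving the stored nonce and deleting it happen in one step, so a replayed callback finds nothing to verify against. `VerificationStore`, `take`, `verify_callback` and the 300-second expiry for abandoned flows are assumptions made for illustration, and the ID token's signature is assumed to be validated elsewhere.

```python
import hmac
import secrets
import threading
import time


class VerificationStore:
    """In-memory stand-in (hypothetical) for the storage holding state/nonce pairs."""

    def __init__(self, ttl_seconds=300):  # expiry is an assumption, not from the PR
        self._ttl = ttl_seconds
        self._lock = threading.Lock()
        self._entries = {}  # state -> (nonce, expires_at)

    def issue(self, now=None):
        """Create the state/nonce pair sent with the authorization request."""
        now = time.time() if now is None else now
        state, nonce = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        with self._lock:
            self._entries[state] = (nonce, now + self._ttl)
        return state, nonce

    def take(self, state, now=None):
        """Return the nonce for `state` and delete the record in the same step."""
        now = time.time() if now is None else now
        with self._lock:
            # pop() under the lock: two concurrent callbacks cannot both get it
            entry = self._entries.pop(state, None)
        if entry is None or entry[1] < now:
            return None  # unknown, already consumed, or expired
        return entry[0]

    def __len__(self):
        with self._lock:
            return len(self._entries)


def verify_callback(store, state, id_token_nonce, now=None):
    """Accept a callback only if the state is pending and the nonce matches."""
    expected = store.take(state, now)  # consumed whether or not the check passes
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), id_token_nonce.encode())
```
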