rusackas commented on PR #40024:
URL: https://github.com/apache/superset/pull/40024#issuecomment-4774308438

   @AlbertoSolaro This has drifted out of date and the backend tests are red, 
so it'll need a rebase. More importantly, an unauthenticated provider-discovery 
endpoint plus a cookie-to-JWT exchange is a sensitive surface I'd want the 
security folks to weigh in on before we go further. Can you rebase, and could 
you say more about the threat model for the session_token exchange?
   
   There are also a lot of bot comments to assess/address/resolve if you don't 
mind. Thanks!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

