Skip to content

Implement rate limiting for OIDC Login #67

Description

@JaredM2028

As a system administrator, I want POST /auth/client-select to be rate limited by IP address, so that an attacker cannot enumerate valid usernames or abuse OIDC discovery at scale.

See app/controllers/oidc_login_controller.rb:25
expertiza#335 (comment)

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

Status
Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions