This sample demonstrates PingOne Authentication and some Management API services usage like - registration of a new user, user password update by logged in user or by application itself, recovery a forgotten password scenario and of course - OAuth2/OIDC implementation
License: Other
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
I cannot login with a registered user (created in ping). and get this error:
With the new update. One cannot register a user.
In the application.yml file the uri needs to point to the correct region in order for the sample to function.
It is set to https://auth.pingone.com by default in the application.yml file.
ex. It needs to be set to https://auth.pingone.ca for Canada.
Suggestion: Change "localhost" to "0.0.0.0". That way if you deploy to another location you don't have to modify this value. Shouldn't be a security issue for a sample app.
The werkzeug library made some breaking changes with the 1.0 release, so the flask app fails to launch and throws a
ImportError: cannot import name 'url_encode' from 'werkzeug'
StackOverflow covers this issue and the easiest workaround (explicitly using v0.16.0) https://stackoverflow.com/questions/60896993/importerror-cannot-import-name-url-encode-from-werkzeug
Could not find artifact com.pingidentity.samples:spring-boot-sdk:jar:0.0.6-SNAPSHOT in github (https://raw.github.com/pingidentity/pingone-customers-spring-boot-tools/mvn-repo/)
Ive tried this on both mac and windows. Using the token key that has been set up in the settings.xml file
spring-boot-starter-parent has a transitive-dependency on jackson-databind which has a known security vulnerability, CVE-2018-1000873. jackson-databind version before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability that can result in a denial-of-service (DoS).
This vulnerability has been fixed in 2.9.8, this project is importing version 2.9.7.
com.pingidentity.samples:custom-user-registration:jar:0.0.1-SNAPSHOT
+- com.pingidentity.samples:spring-boot-sdk:jar:0.0.1-SNAPSHOT:compile
| +- org.springframework.boot:spring-boot-starter:jar:2.1.3.RELEASE:compile
| ...
| +- org.springframework.boot:spring-boot-starter-web:jar:2.1.3.RELEASE:compile
| | +- org.springframework.boot:spring-boot-starter-json:jar:2.1.3.RELEASE:compile
| | | +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.7:compile
| | | | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.0:compile
| | | | \- com.fasterxml.jackson.core:jackson-core:jar:2.9.7:compile
| | | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.7:compile
| | | +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.7:compile
| | | \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.9.7:compile
| ...
| \
| +- org.springframework.security.oauth:spring-security-oauth2:jar:2.2.0.RELEASE:compile
| | +- commons-codec:commons-codec:jar:1.11:compile
| | \- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile
| | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
| \- io.openapitools.jackson.dataformat:jackson-dataformat-hal:jar:1.0.5:compile
| \- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.9.7:compile
| +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.9.7:compile
| \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.9.7:compile
To address, the Security Team recommends a version-range maven dependency coordinate, e.g.
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
- <version>2.1.1.RELEASE</version>
+ <version>[2.1.3.RELEASE,3.0.0.RELEASE)</version>
</parent>`
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.