k_card/k_phone
Morten V. Christiansen 4b719a0846 Switch token binding from per-request URL+method to domain-level host+nonce
Challenge is now SHA256(host|nonce) instead of SHA256(url|method|nonce).
A single card interaction authorises access to any path and method on the
gated domain, which is the intended granularity. Tests updated accordingly:
path/method rejection cases replaced with domain-level and tampered-host cases.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-09 23:52:48 +02:00
android Phase 9: add Component 1 (filter_proxy), tests, session gate, doc update 2026-05-02 20:10:54 +02:00
integration_test Phase 9: add Component 1 (filter_proxy), tests, session gate, doc update 2026-05-02 20:10:54 +02:00
lib Switch token binding from per-request URL+method to domain-level host+nonce 2026-05-09 23:52:48 +02:00
test Switch token binding from per-request URL+method to domain-level host+nonce 2026-05-09 23:52:48 +02:00
pubspec.lock Phase 9: add Component 1 (filter_proxy), tests, session gate, doc update 2026-05-02 20:10:54 +02:00
pubspec.yaml Phase 9: add Component 1 (filter_proxy), tests, session gate, doc update 2026-05-02 20:10:54 +02:00