mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-14 20:09:01 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
release/26.6
keycloak/common
T
History
Awambeng Rodrick b99f1b5842 fix(oid4vc): use SecureRandom for nonce and time claim generation 
- replace non-cryptographic PRNG usage (java.util.Random, Math.random)
- use SecureRandom in JwtCNonceHandler for nonce length generation
- use SecureRandom in TimeClaimNormalizer for time claim randomization
- introduce centralized secure random utility (SecretGenerator)
- ensure uniform and unpredictable randomness in security-sensitive flows

Closes #47271

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Address review comments from @IngridPuppet

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-03-26 17:44:47 +01:00
..
src
fix(oid4vc): use SecureRandom for nonce and time claim generation
2026-03-26 17:44:47 +01:00
pom.xml
Downgrade Java for client libraries to 8
2024-09-20 17:01:01 +02:00