oauth2

Asking about this since the NSA recently published guidance advising the public and private sectors to transition to cryptographic algorithms that are no less than sha384 & ec384 (elliptic curves).

While Edwards' Curves are different, its worth noting that prior to this update sha256 & secp256k1 were both on the list of acceptable cryptographic algorithms. My deduction was that 128-bit securit

Description 🐜

On line 173 in the Twitter OAuth provider source code the warning is causing authentication to revert to the TwitterLegacy provider. If the state of the warning is updated to warned=true (for example, the user logs in and then proceeds to log out).

!warned should not be in the if statement.

Is this a bug in your own project?

No

How to reproduce ☕️

Use TwitterPr

The repo containing the Dockerfile and the entrypoint is here.

If not for some particular exceptions, the status code returned from our WebAPI on error is always 500, regardless of the kind of error.

If an object already exists, for example, it should be returned as 409. If the object does not pass the schema validation, it should be a 415.

Go through the whole WebAPI and verify that the status codes are being returned correctly.

Hint: Error cl

Is your feature request related to a problem? Please describe.

The hydrator have only Basic auth - see config: https://www.ory.sh/oathkeeper/docs/pipeline/mutator/#configuration-4, however for more flexibility, similiar pre-authorization mechanism could ba added as in the instropsection authenticator handler: https://www.ory.sh/oathkeeper/docs/pipeline/mutator/#configuration-4

**Descri