Goal
Expand containment beyond the host to the identity layer.
Scope
- Implement signed requests to revoke OIDC tokens and force password resets.
- Add audit entries specifically for identity-layer actions.
OpSec Mandate
Never store identity provider client secrets in the proxy. Use OIDC-based short-lived tokens or AWS Secrets Manager.
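An added example, not the project's own code, of a signed identity-containment request and the audit entry written for it. The HMAC-SHA256 envelope, the field names, the two action names and the 300-second freshness window are assumptions; the key is passed in at call time rather than stored, and the sample key is constructed.

```python
import hashlib
import hmac
import json

# Assumed names for the two identity-layer actions in scope.
ALLOWED_ACTIONS = {"revoke_tokens", "force_password_reset"}
MAX_SKEW_SECONDS = 300  # assumed freshness window


def _canonical(fields):
    # Stable byte encoding so signer and verifier hash identical input.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_request(key, action, subject, ts, nonce):
    """Build a signed envelope; the key is supplied by the caller at runtime."""
    fields = {"action": action, "subject": subject, "ts": ts, "nonce": nonce}
    sig = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "sig": sig}


def verify_request(key, env, now, seen_nonces):
    """Return (ok, reason); signature is checked before any field is trusted."""
    fields = {k: env.get(k) for k in ("action", "subject", "ts", "nonce")}
    expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(env.get("sig", "")).encode()):
        return False, "bad_signature"
    if fields["action"] not in ALLOWED_ACTIONS:
        return False, "unknown_action"
    ts = fields["ts"]
    if not isinstance(ts, (int, float)) or abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale"
    if fields["nonce"] in seen_nonces:
        return False, "replay"
    seen_nonces.add(fields["nonce"])
    return True, "ok"


def audit_entry(env, ok, reason, now):
    """Identity-layer audit record: request digest only, no signature or key."""
    unsigned = {k: v for k, v in env.items() if k != "sig"}
    return {"layer": "identity", "action": env.get("action"),
            "subject": env.get("subject"), "reason": reason,
            "outcome": "accepted" if ok else "rejected",
            "request_sha256": hashlib.sha256(_canonical(unsigned)).hexdigest(),
            "logged_at": now}


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; fetch the real key at runtime
    env = sign_request(key, "revoke_tokens", "user-123", 1000, "nonce-1")
    print(audit_entry(env, *verify_request(key, env, 1010, set()), 1010))
```

Rejected requests get an audit entry as well, so tampered or replayed containment attempts are visible in the identity-layer log.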