From ba65cc50b7b468f0738398312a468ea413727bdc Mon Sep 17 00:00:00 2001
From: Matthias Benkard <matthias.benkard@egym.de>
Date: Tue, 14 Apr 2015 08:39:27 +0000
Subject: QT-1900 Add a CSRF token to the OIDC login flow.

This improves security by generating a CSRF token, passing it to the
OIDC IdP, and validating it afterwards.  The token is stored in
a cookie reverse-encrypted with MulkyID's private key.
---
 build.PL | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'build.PL')

diff --git a/build.PL b/build.PL
index 6e008d3..7c320e2 100644
--- a/build.PL
+++ b/build.PL
@@ -29,7 +29,9 @@ my $build = Net::MulkyID::Builder->new
                           "OIDC::Lite::Client::WebServer" => 0,
                           "OIDC::Lite::Model::IDToken" => 0,
                           "LWP::UserAgent" => 0,
-                          "HTTP::Request" => 0
+                          "HTTP::Request" => 0,
+                          "Math::Random::ISAAC::XS" => 0,
+                          "Bytes::Random::Secure" => 0
                          },
    build_requires     => {
                           "LWP::Simple" => 0,
-- 
cgit v1.2.3