An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
834 matches across 4 categories. Click a row to expand file-level details.
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | main.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/theme_filter.go | 1 | // Copyright 2025 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/auto_signin_filter.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/mcp_util.go | 1 | // Copyright 2026 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/cors_filter.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/authz_filter.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/static_filter.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/lightweight_auth_filter.go | 1 | // Copyright 2026 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/record.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/request_body_filter.go | 1 | // Copyright 2026 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/timeout_filter.go | 1 | // Copyright 2024 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/base.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/router.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | routers/field_validation_filter.go | 1 | // Copyright 2025 The Casdoor Authors. All Rights Reserved. |
| LOW | faceId/provider.go | 1 | // Copyright 2025 The Casdoor Authors. All Rights Reserved. |
| LOW | faceId/aliyun.go | 1 | // Copyright 2025 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/okta.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/provider.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/kwai.go | 1 | // Copyright 2024 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/custom.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/web3onboard.go | 1 | // Copyright 2023 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/dingtalk.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/wecom_internal.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/infoflow_internal.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/qq.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/qq.go | 101 | // "city": "安道尔城", |
| LOW | idp/google.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/alipay.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/douyin.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/lark.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/telegram.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/gitlab.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/adfs.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/linkedin.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/bilibili.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/wecom_third_party.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/twitter.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/twitter.go | 121 | //{ |
| LOW | idp/azuread_b2c.go | 1 | // Copyright 2023 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/weibo.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/wechat.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/wechat.go | 141 | } |
| LOW | idp/facebook.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/facebook.go | 101 | token := oauth2.Token{ |
| LOW | idp/wechat_mobile.go | 1 | // Copyright 2025 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/wechat_miniprogram.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/gitee.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/casdoor.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/infoflow_third_party.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/metamask.go | 1 | // Copyright 2023 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/baidu.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/github.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | idp/github.go | 101 | // "avatar_url": "https://avatars.githubusercontent.com/u/3781234?v=4", |
| LOW | idp/github.go | 121 | // "hireable": true, |
| LOW | idp/goth.go | 1 | // Copyright 2021 The Casdoor Authors. All Rights Reserved. |
| LOW | scim/group_handler.go | 1 | // Copyright 2026 The Casdoor Authors. All Rights Reserved. |
| LOW | scim/server.go | 1 | // Copyright 2023 The Casdoor Authors. All Rights Reserved. |
| LOW | scim/util.go | 1 | // Copyright 2023 The Casdoor Authors. All Rights Reserved. |
| LOW | scim/user_handler.go | 1 | // Copyright 2023 The Casdoor Authors. All Rights Reserved. |
| LOW | pp/provider.go | 1 | // Copyright 2022 The Casdoor Authors. All Rights Reserved. |
| 712 more matches not shown… | |||
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | web/craco.config.js | 74 | function ignoreSourcemapsloaderWarnings(warning) { |
| LOW | web/public/ProviderHintRedirect.js | 48 | function isProviderVisibleForSignIn(providerItem) { |
| LOW | web/public/AuthCallbackHandler.js | 47 | function storeReactFallbackPayload(payload) { |
| LOW | web/src/Setting.js | 768 | export function isProviderVisibleForSignUp(providerItem) { |
| LOW | web/src/Setting.js | 776 | export function isProviderVisibleForSignIn(providerItem) { |
| LOW | web/src/Setting.js | 792 | export function getAllPromptedProviderItems(application) { |
| LOW | web/src/Setting.js | 796 | export function getAllPromptedSignupItems(application) { |
| LOW | web/src/Setting.js | 1497 | export function getCryptoAlgorithmOptions(cryptoAlgorithm) { |
| LOW | web/src/Setting.js | 1798 | export function getApplicationDisplayName(application) { |
| LOW | web/src/Setting.js | 1855 | export function isDefaultOrganizationSelected(account) { |
| LOW | web/src/Setting.js | 2079 | export function getDefaultHtmlEmailContent() { |
| LOW | web/src/Setting.js | 2122 | export function getDefaultInvitationHtmlEmailContent() { |
| LOW | web/src/ProviderEditPage.js | 47 | function isDefaultProviderDisplayName(displayName) { |
| LOW | web/src/ProviderEditPage.js | 61 | function getAutoProviderDisplayName(category, type, subType) { |
| LOW | web/src/OpenClawSessionGraphViewer.js | 234 | function OpenClawSessionGraphCanvas(props) { |
| LOW | web/src/OpenClawSessionGraphUtils.js | 20 | function parseOpenClawBehaviorPayload(message) { |
| LOW | web/src/OpenClawSessionGraphUtils.js | 209 | export function formatOpenClawSessionGraphTimestamp(timestamp) { |
| LOW | web/src/OpenClawSessionGraphUtils.js | 409 | export function buildOpenClawFlowElements(graph) { |
| LOW | web/src/auth/Util.js | 205 | export async function WechatOfficialAccountModal(application, provider, method) { |
| LOW | web/src/auth/Web3Auth.js | 133 | export function checkEthereumSignedTypedData(token) { |
| LOW | web/src/auth/GoogleLoginButton.js | 35 | export function GoogleOneTapLoginVirtualButton(prop) { |
| LOW | web/src/auth/Obfuscator.js | 18 | export function getRandomKeyForObfuscator(obfuscatorType) { |
| LOW | web/src/auth/Obfuscator.js | 62 | export function encryptByPasswordObfuscator(passwordObfuscatorType, passwordObfuscatorKey, password) { |
| LOW | web/src/provider/LogProviderFields.js | 22 | function getStorageProviderOptions(providers, owner) { |
| LOW | web/src/provider/IDVerificationProviderFields.js | 21 | export function renderIDVerificationProviderFields(provider, updateProviderField) { |
| LOW | web/src/provider/StorageProviderFields.js | 21 | export function renderStorageProviderFields(provider, updateProviderField) { |
| LOW | web/src/provider/EmailProviderFields.js | 26 | export function renderEmailProviderFields(provider, updateProviderField, renderEmailMappingInput, account) { |
| LOW | web/src/provider/OAuthProviderFields.js | 24 | export function renderOAuthProviderFields(provider, updateProviderField, renderUserMappingInput, certs = []) { |
| LOW | web/src/provider/CaptchaProviderFields.js | 21 | export function renderCaptchaProviderFields(provider, providerName) { |
| LOW | web/src/provider/NotificationProviderFields.js | 24 | export function renderNotificationProviderFields(provider, updateProviderField, getReceiverRow) { |
| LOW | web/src/provider/PaymentProviderFields.js | 23 | export function renderPaymentProviderFields(provider, updateProviderField, certs) { |
| LOW | web/src/provider/FaceIDProviderFields.js | 21 | export function renderFaceIdProviderFields(provider, updateProviderField) { |
| LOW | web/src/backend/ApplicationBackend.js | 27 | export function getApplicationsByOrganization(owner, organization, page = "", pageSize = "", field = "", value = "", sor |
| LOW | web/src/backend/UserWebauthnBackend.js | 17 | export function registerWebauthnCredential() { |
| LOW | web/src/backend/UserWebauthnBackend.js | 60 | export function deleteUserWebAuthnCredential(credentialID) { |
| LOW | web/src/backend/EntryBackend.js | 38 | export function getOpenClawSessionTranscriptUrl(owner, name) { |
| LOW | web/src/backend/EntryBackend.js | 42 | export function getOpenClawSessionTranscript(owner, name) { |
| LOW | web/src/backend/PermissionBackend.js | 27 | export function getPermissionsBySubmitter() { |
| LOW | web/src/table/TransactionTableColumns.js | 22 | export function getTransactionTableColumns(options = {}) { |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | idp/okta.go | 141 | "name" :"John Doe", |
| LOW | idp/casdoor.go | 103 | "email": "admin@example.com", |
| LOW | util/string_test.go | 101 | {"Should be return lorem_ipsum", "Lorem Ipsum", "lorem_ipsum"}, |
| LOW | util/string_test.go | 102 | {"Should be return Lorem Ipsum", "lorem Ipsum", "lorem_ipsum"}, |
| LOW | util/string_test.go | 103 | {"Should be return lorem_ipsum", "lorem ipsum", "loremipsum"}, |
| LOW | util/string_test.go | 145 | {"Scenery three", []string{"test", "lorem ipsum"}, "test/lorem ipsum"}, |
| LOW | util/string_test.go | 163 | {"Scenery three", "lorem ipsum", "80a751fde577028640c419000e33eba6"}, |
| LOW | swagger/swagger-ui.js | 2 | !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.am |
| LOW | swagger/swagger-ui-es-bundle-core.js | 2 | module.exports=function(e){var t={};function n(r){if(t[r])return t[r].exports;var a=t[r]={i:r,l:!1,exports:{}};return e[ |
| LOW | swagger/swagger-ui-standalone-preset.js | 2 | !function(t,e){"object"==typeof exports&&"object"==typeof module?module.exports=e():"function"==typeof define&&define.am |
| LOW | web/src/WebhookEditPage.js | 72 | "email": "admin@example.com", |
| LOW | object/syncer_googleworkspace_test.go | 33 | FullName: "John Doe", |
| LOW | object/syncer_googleworkspace_test.go | 55 | if originalUser.DisplayName != "John Doe" { |
| LOW | object/syncer_googleworkspace_test.go | 56 | t.Errorf("Expected DisplayName to be 'John Doe', got '%s'", originalUser.DisplayName) |
| LOW | object/syncer_googleworkspace_test.go | 79 | FullName: "Jane Doe", |
| LOW | object/syncer_googleworkspace_test.go | 166 | Host: "admin@example.com", |
| LOW | object/init.go | 173 | Email: "admin@example.com", |
| LOW | object/syncer_scim_test.go | 35 | DisplayName: "John Doe", |
| LOW | object/syncer_scim_test.go | 39 | Formatted: "John Doe", |
| LOW | object/syncer_scim_test.go | 54 | StreetAddress: "123 Main St", |
| LOW | object/syncer_scim_test.go | 78 | if originalUser.DisplayName != "John Doe" { |
| LOW | object/syncer_scim_test.go | 79 | t.Errorf("Expected DisplayName to be 'John Doe', got '%s'", originalUser.DisplayName) |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | object/saml_sp.go | 180 | // block.Bytes are DER encoded so the following code block should happily accept it |