Merge branch 'master' into refactor-trust-provider

2023-01-09 10:11:23 +11:00 · 2023-01-09 10:11:23 +11:00 · 7ad25ecf3c
parent 3a2e228b5a 8ef90caac9
commit 7ad25ecf3c
18 changed files with 258 additions and 142 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@ -888,6 +888,34 @@
      "contributions": [
        "doc"
      ]
+    },
+    {
+      "login": "joshgordon",
+      "name": "Josh Gordon",
+      "avatar_url": "https://avatars.githubusercontent.com/u/2125341?v=4",
+      "profile": "http://joshgordon.net",
+      "contributions": [
+        "ideas",
+        "security"
+      ]
+    },
+    {
+      "login": "silasfrancisco",
+      "name": "silasfrancisco",
+      "avatar_url": "https://avatars.githubusercontent.com/u/84447762?v=4",
+      "profile": "https://github.com/silasfrancisco",
+      "contributions": [
+        "security"
+      ]
+    },
+    {
+      "login": "n4m3l3ss-b0t",
+      "name": "Ricardo Pesqueira",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1162710?v=4",
+      "profile": "https://github.com/n4m3l3ss-b0t",
+      "contributions": [
+        "security"
+      ]
    }
  ],
  "contributorsPerLine": 7
--- a/README.md
+++ b/README.md
@ -311,6 +311,11 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
      <td align="center"><a href="https://github.com/chillinPanda"><img src="https://avatars.githubusercontent.com/u/250694?v=4?s=100" width="100px;" alt="Dinh Bao Dang"/><br /><sub><b>Dinh Bao Dang</b></sub></a><br /><a href="https://github.com/authelia/authelia/commits?author=chillinPanda" title="Documentation">📖</a></td>
      <td align="center"><a href="https://github.com/levkoburburas"><img src="https://avatars.githubusercontent.com/u/62853952?v=4?s=100" width="100px;" alt="levkoburburas"/><br /><sub><b>levkoburburas</b></sub></a><br /><a href="https://github.com/authelia/authelia/commits?author=levkoburburas" title="Code">💻</a> <a href="#ideas-levkoburburas" title="Ideas, Planning, & Feedback">🤔</a> <a href="https://github.com/authelia/authelia/issues?q=author%3Alevkoburburas" title="Bug reports">🐛</a></td>
      <td align="center"><a href="https://github.com/tiuub"><img src="https://avatars.githubusercontent.com/u/46517077?v=4?s=100" width="100px;" alt="tiuub"/><br /><sub><b>tiuub</b></sub></a><br /><a href="https://github.com/authelia/authelia/commits?author=tiuub" title="Documentation">📖</a></td>
+      <td align="center"><a href="http://joshgordon.net"><img src="https://avatars.githubusercontent.com/u/2125341?v=4?s=100" width="100px;" alt="Josh Gordon"/><br /><sub><b>Josh Gordon</b></sub></a><br /><a href="#ideas-joshgordon" title="Ideas, Planning, & Feedback">🤔</a> <a href="#security-joshgordon" title="Security">🛡️</a></td>
+    </tr>
+    <tr>
+      <td align="center"><a href="https://github.com/silasfrancisco"><img src="https://avatars.githubusercontent.com/u/84447762?v=4?s=100" width="100px;" alt="silasfrancisco"/><br /><sub><b>silasfrancisco</b></sub></a><br /><a href="#security-silasfrancisco" title="Security">🛡️</a></td>
+      <td align="center"><a href="https://github.com/n4m3l3ss-b0t"><img src="https://avatars.githubusercontent.com/u/1162710?v=4?s=100" width="100px;" alt="Ricardo Pesqueira"/><br /><sub><b>Ricardo Pesqueira</b></sub></a><br /><a href="#security-n4m3l3ss-b0t" title="Security">🛡️</a></td>
    </tr>
  </tbody>
 </table>
--- a/go.mod
+++ b/go.mod
@ -28,7 +28,7 @@ require (
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/ory/fosite v0.44.0
 	github.com/ory/herodot v0.9.13
-	github.com/ory/x v0.0.528
+	github.com/ory/x v0.0.529
 	github.com/otiai10/copy v1.9.0
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
@ -39,7 +39,7 @@ require (
 	github.com/stretchr/testify v1.8.1
 	github.com/trustelem/zxcvbn v1.0.1
 	github.com/valyala/fasthttp v1.43.0
-	github.com/wneessen/go-mail v0.3.7
+	github.com/wneessen/go-mail v0.3.8
 	golang.org/x/sync v0.1.0
 	golang.org/x/term v0.4.0
 	golang.org/x/text v0.6.0
--- a/go.sum
+++ b/go.sum
@ -461,8 +461,8 @@ github.com/ory/herodot v0.9.13 h1:cN/Z4eOkErl/9W7hDIDLb79IO/bfsH+8yscBjRpB4IU=
 github.com/ory/herodot v0.9.13/go.mod h1:IWDs9kSvFQqw/cQ8zi5ksyYvITiUU4dI7glUrhZcJYo=
 github.com/ory/viper v1.7.5 h1:+xVdq7SU3e1vNaCsk/ixsfxE4zylk1TJUiJrY647jUE=
 github.com/ory/viper v1.7.5/go.mod h1:ypOuyJmEUb3oENywQZRgeAMwqgOyDqwboO1tj3DjTaM=
-github.com/ory/x v0.0.528 h1:26fXxJ5Zl5XDFjiCt5jdWQOI89Q2XogB1EnUeqx7P+M=
-github.com/ory/x v0.0.528/go.mod h1:XBqhPZRppPHTxtsE0l0oI/B2Onf1QJtMRGPh3CpEpA0=
+github.com/ory/x v0.0.529 h1:4E4i0XpIZaZxnkKZfzIZvXWhk+qAIPEpEy78tcyXeVM=
+github.com/ory/x v0.0.529/go.mod h1:XBqhPZRppPHTxtsE0l0oI/B2Onf1QJtMRGPh3CpEpA0=
 github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4=
 github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
@ -611,6 +611,8 @@ github.com/valyala/fasthttp v1.43.0/go.mod h1:f6VbjjoI3z1NDOZOv17o6RvtRSWxC77seB
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/wneessen/go-mail v0.3.7 h1:loEAGLvsDZLSiE6c+keBfg0gpias/R3ocFU8Eoh3Pq4=
 github.com/wneessen/go-mail v0.3.7/go.mod h1:m25lkU2GYQnlVr6tdwK533/UXxo57V0kLOjaFYmub0E=
+github.com/wneessen/go-mail v0.3.8 h1:ja5D/o/RVwrtRIYFlrO7GmtcjDNeMakGQuwQRZYv0JM=
+github.com/wneessen/go-mail v0.3.8/go.mod h1:m25lkU2GYQnlVr6tdwK533/UXxo57V0kLOjaFYmub0E=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
--- a/internal/commands/context.go
+++ b/internal/commands/context.go
@ -170,7 +170,7 @@ func (ctx *CmdCtx) LoadProviders() (warns, errs []error) {
 		ctx.providers.Notifier = notification.NewFileNotifier(*ctx.config.Notifier.FileSystem)
 	}

-	if ctx.providers.OpenIDConnect, err = oidc.NewOpenIDConnectProvider(ctx.config.IdentityProviders.OIDC, ctx.providers.StorageProvider); err != nil {
+	if ctx.providers.OpenIDConnect, err = oidc.NewOpenIDConnectProvider(ctx.config.IdentityProviders.OIDC, ctx.providers.StorageProvider, ctx.providers.Templates); err != nil {
 		errs = append(errs, err)
 	}

--- a/internal/handlers/handler_oidc_authorization.go
+++ b/internal/handlers/handler_oidc_authorization.go
@ -111,5 +111,9 @@ func OpenIDConnectAuthorization(ctx *middlewares.AutheliaCtx, rw http.ResponseWr
 		return
 	}

+	if requester.GetResponseMode() == oidc.ResponseModeFormPost {
+		ctx.SetUserValueBytes(middlewares.UserValueKeyFormPost, true)
+	}
+
 	ctx.Providers.OpenIDConnect.WriteAuthorizeResponse(ctx, rw, requester, responder)
 }
--- a/internal/middlewares/const.go
+++ b/internal/middlewares/const.go
@ -47,14 +47,15 @@ var (
 )

 var (
-	headerValueFalse          = []byte("false")
-	headerValueTrue           = []byte("true")
-	headerValueMaxAge         = []byte("100")
-	headerValueVary           = []byte("Accept-Encoding, Origin")
-	headerValueVaryWildcard   = []byte("Accept-Encoding")
-	headerValueOriginWildcard = []byte("*")
-	headerValueZero           = []byte("0")
-	headerValueCSPNone        = []byte("default-src 'none';")
+	headerValueFalse           = []byte("false")
+	headerValueTrue            = []byte("true")
+	headerValueMaxAge          = []byte("100")
+	headerValueVary            = []byte("Accept-Encoding, Origin")
+	headerValueVaryWildcard    = []byte("Accept-Encoding")
+	headerValueOriginWildcard  = []byte("*")
+	headerValueZero            = []byte("0")
+	headerValueCSPNone         = []byte("default-src 'none'")
+	headerValueCSPNoneFormPost = []byte("default-src 'none'; script-src 'sha256-skflBqA90WuHvoczvimLdj49ExKdizFjX2Itd6xKZdU='")

 	headerValueNoSniff                 = []byte("nosniff")
 	headerValueStrictOriginCrossOrigin = []byte("strict-origin-when-cross-origin")
@ -83,6 +84,9 @@ var (
 	// UserValueKeyBaseURL is the User Value key where we store the Base URL.
 	UserValueKeyBaseURL = []byte("base_url")

+	// UserValueKeyFormPost is the User Value key where we indicate the form_post response mode.
+	UserValueKeyFormPost = []byte("form_post")
+
 	headerSeparator = []byte(", ")

 	contentTypeTextPlain       = []byte("text/plain; charset=utf-8")
--- a/internal/middlewares/headers.go
+++ b/internal/middlewares/headers.go
@ -26,6 +26,22 @@ func SecurityHeadersCSPNone(next fasthttp.RequestHandler) fasthttp.RequestHandle
 	}
 }

+// SecurityHeadersCSPNoneOpenIDConnect middleware adds the Content-Security-Policy header with the value
+// "default-src 'none'" except in special circumstances.
+func SecurityHeadersCSPNoneOpenIDConnect(next fasthttp.RequestHandler) fasthttp.RequestHandler {
+	return func(ctx *fasthttp.RequestCtx) {
+		ctx.SetUserValueBytes(UserValueKeyFormPost, false)
+
+		next(ctx)
+
+		if modeFormPost, ok := ctx.UserValueBytes(UserValueKeyFormPost).(bool); ok && modeFormPost {
+			ctx.Response.Header.SetBytesKV(headerContentSecurityPolicy, headerValueCSPNoneFormPost)
+		} else {
+			ctx.Response.Header.SetBytesKV(headerContentSecurityPolicy, headerValueCSPNone)
+		}
+	}
+}
+
 // SecurityHeadersNoStore middleware adds the Pragma no-cache and Cache-Control no-store headers.
 func SecurityHeadersNoStore(next fasthttp.RequestHandler) fasthttp.RequestHandler {
 	return func(ctx *fasthttp.RequestCtx) {
--- a/internal/oidc/config.go
+++ b/internal/oidc/config.go
@ -19,10 +19,11 @@ import (
 	"github.com/ory/fosite/token/jwt"

 	"github.com/authelia/authelia/v4/internal/configuration/schema"
+	"github.com/authelia/authelia/v4/internal/templates"
 	"github.com/authelia/authelia/v4/internal/utils"
 )

-func NewConfig(config *schema.OpenIDConnectConfiguration) *Config {
+func NewConfig(config *schema.OpenIDConnectConfiguration, templates *templates.Provider) *Config {
 	c := &Config{
 		GlobalSecret:               []byte(utils.HashSHA256FromString(config.HMACSecret)),
 		SendDebugMessagesToClients: config.EnableClientDebugMessages,
@ -38,6 +39,7 @@ func NewConfig(config *schema.OpenIDConnectConfiguration) *Config {
 			EnforcePublicClients:      config.EnforcePKCE != "never",
 			AllowPlainChallengeMethod: config.EnablePKCEPlainChallenge,
 		},
+		Templates: templates,
 	}

 	c.Strategy.Core = &HMACCoreStrategy{
@ -85,6 +87,8 @@ type Config struct {
 	HTTPClient           *retryablehttp.Client
 	FormPostHTMLTemplate *template.Template
 	MessageCatalog       i18n.MessageCatalog
+
+	Templates *templates.Provider
 }

 type HashConfig struct {
@ -502,7 +506,11 @@ func (c *Config) GetMessageCatalog(ctx context.Context) (catalog i18n.MessageCat

 // GetFormPostHTMLTemplate returns the form post HTML template.
 func (c *Config) GetFormPostHTMLTemplate(ctx context.Context) (tmpl *template.Template) {
-	return c.FormPostHTMLTemplate
+	if c.Templates == nil {
+		return nil
+	}
+
+	return c.Templates.GetOpenIDConnectAuthorizeResponseFormPostTemplate()
 }

 // GetTokenURL returns the token URL.
--- a/internal/oidc/provider.go
+++ b/internal/oidc/provider.go
@ -9,10 +9,11 @@ import (

 	"github.com/authelia/authelia/v4/internal/configuration/schema"
 	"github.com/authelia/authelia/v4/internal/storage"
+	"github.com/authelia/authelia/v4/internal/templates"
 )

 // NewOpenIDConnectProvider new-ups a OpenIDConnectProvider.
-func NewOpenIDConnectProvider(config *schema.OpenIDConnectConfiguration, store storage.Provider) (provider *OpenIDConnectProvider, err error) {
+func NewOpenIDConnectProvider(config *schema.OpenIDConnectConfiguration, store storage.Provider, templates *templates.Provider) (provider *OpenIDConnectProvider, err error) {
 	if config == nil {
 		return nil, nil
 	}
@ -20,7 +21,7 @@ func NewOpenIDConnectProvider(config *schema.OpenIDConnectConfiguration, store s
 	provider = &OpenIDConnectProvider{
 		JSONWriter: herodot.NewJSONWriter(nil),
 		Store:      NewStore(config, store),
-		Config:     NewConfig(config),
+		Config:     NewConfig(config, templates),
 	}

 	provider.OAuth2Provider = fosite.NewOAuth2Provider(provider.Store, provider.Config)
--- a/internal/oidc/provider_test.go
+++ b/internal/oidc/provider_test.go
@ -16,7 +16,7 @@ import (
 var exampleIssuerPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAvcMVMB2vEbqI6PlSNJ4HmUyMxBDJ5iY7FS+zDDAHOZBg9S3S\nKcAn1CZcnyL0VvJ7wcdhR6oTnOwR94eKvzUyJZ+GL2hTMm27dubEYsNdhoCl6N3X\nyEEohNfoxiiCYraVauX8X3M9jFzbEz9+pacaDbHB2syaJ1qFmMNR+HSu2jPzOo7M\nlqKIOgUzA0741MaYNt47AEVg4XU5ORLdolbAkItmYg1QbyFndg9H5IvwKkYaXTGE\nlgDBcPUC0yVjAC15Mguquq+jZeQay+6PSbHTD8PQMOkLjyChI2xEhVNbdCXe676R\ncMW2R/gjrcK23zmtmTWRfdC1iZLSlHO+bJj9vQIDAQABAoIBAEZvkP/JJOCJwqPn\nV3IcbmmilmV4bdi1vByDFgyiDyx4wOSA24+PubjvfFW9XcCgRPuKjDtTj/AhWBHv\nB7stfa2lZuNV7/u562mZArA+IAr62Zp0LdIxDV8x3T8gbjVB3HhPYbv0RJZDKTYd\nzV6jhfIrVu9mHpoY6ZnodhapCPYIyk/d49KBIHZuAc25CUjMXgTeaVtf0c996036\nUxW6ef33wAOJAvW0RCvbXAJfmBeEq2qQlkjTIlpYx71fhZWexHifi8Ouv3Zonc+1\n/P2Adq5uzYVBT92f9RKHg9QxxNzVrLjSMaxyvUtWQCAQfW0tFIRdqBGsHYsQrFtI\nF4yzv8ECgYEA7ntpyN9HD9Z9lYQzPCR73sFCLM+ID99aVij0wHuxK97bkSyyvkLd\n7MyTaym3lg1UEqWNWBCLvFULZx7F0Ah6qCzD4ymm3Bj/ADpWWPgljBI0AFml+HHs\nhcATmXUrj5QbLyhiP2gmJjajp1o/rgATx6ED66seSynD6JOH8wUhhZUCgYEAy7OA\n06PF8GfseNsTqlDjNF0K7lOqd21S0prdwrsJLiVzUlfMM25MLE0XLDUutCnRheeh\nIlcuDoBsVTxz6rkvFGD74N+pgXlN4CicsBq5ofK060PbqCQhSII3fmHobrZ9Cr75\nHmBjAxHx998SKaAAGbBbcYGUAp521i1pH5CEPYkCgYEAkUd1Zf0+2RMdZhwm6hh/\nrW+l1I6IoMK70YkZsLipccRNld7Y9LbfYwYtODcts6di9AkOVfueZJiaXbONZfIE\nZrb+jkAteh9wGL9xIrnohbABJcV3Kiaco84jInUSmGDtPokncOENfHIEuEpuSJ2b\nbx1TuhmAVuGWivR0+ULC7RECgYEAgS0cDRpWc9Xzh9Cl7+PLsXEvdWNpPsL9OsEq\n0Ep7z9+/+f/jZtoTRCS/BTHUpDvAuwHglT5j3p5iFMt5VuiIiovWLwynGYwrbnNS\nqfrIrYKUaH1n1oDS+oBZYLQGCe9/7EifAjxtjYzbvSyg//SPG7tSwfBCREbpZXj2\nqSWkNsECgYA/mCDzCTlrrWPuiepo6kTmN+4TnFA+hJI6NccDVQ+jvbqEdoJ4SW4L\nzqfZSZRFJMNpSgIqkQNRPJqMP0jQ5KRtJrjMWBnYxktwKz9fDg2R2MxdFgMF2LH2\nHEMMhFHlv8NDjVOXh1KwRoltNGVWYsSrD9wKU9GhRCEfmNCGrvBcEg==\n-----END RSA PRIVATE KEY-----"

 func TestOpenIDConnectProvider_NewOpenIDConnectProvider_NotConfigured(t *testing.T) {
-	provider, err := NewOpenIDConnectProvider(nil, nil)
+	provider, err := NewOpenIDConnectProvider(nil, nil, nil)

 	assert.NoError(t, err)
 	assert.Nil(t, provider)
@ -39,7 +39,7 @@ func TestNewOpenIDConnectProvider_ShouldEnableOptionalDiscoveryValues(t *testing
 				},
 			},
 		},
-	}, nil)
+	}, nil, nil)

 	assert.NoError(t, err)

@ -88,7 +88,7 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GoodConfiguration(t *tes
 				},
 			},
 		},
-	}, nil)
+	}, nil, nil)

 	assert.NotNil(t, provider)
 	assert.NoError(t, err)
@ -109,7 +109,7 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOpenIDConnectWellKnow
 				},
 			},
 		},
-	}, nil)
+	}, nil, nil)

 	assert.NoError(t, err)

@ -199,7 +199,7 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOAuth2WellKnownConfig
 				},
 			},
 		},
-	}, nil)
+	}, nil, nil)

 	assert.NoError(t, err)

@ -278,7 +278,7 @@ func TestOpenIDConnectProvider_NewOpenIDConnectProvider_GetOpenIDConnectWellKnow
 				},
 			},
 		},
-	}, nil)
+	}, nil, nil)

 	assert.NoError(t, err)

--- a/internal/server/handlers.go
+++ b/internal/server/handlers.go
@ -226,27 +226,27 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
 	}

 	if providers.OpenIDConnect != nil {
-		middlewareOIDC := middlewares.NewBridgeBuilder(config, providers).WithPreMiddlewares(
-			middlewares.SecurityHeaders, middlewares.SecurityHeadersCSPNone, middlewares.SecurityHeadersNoStore,
+		bridgeOIDC := middlewares.NewBridgeBuilder(config, providers).WithPreMiddlewares(
+			middlewares.SecurityHeaders, middlewares.SecurityHeadersCSPNoneOpenIDConnect, middlewares.SecurityHeadersNoStore,
 		).Build()

-		r.GET("/api/oidc/consent", middlewareOIDC(handlers.OpenIDConnectConsentGET))
-		r.POST("/api/oidc/consent", middlewareOIDC(handlers.OpenIDConnectConsentPOST))
+		r.GET("/api/oidc/consent", bridgeOIDC(handlers.OpenIDConnectConsentGET))
+		r.POST("/api/oidc/consent", bridgeOIDC(handlers.OpenIDConnectConsentPOST))

 		allowedOrigins := utils.StringSliceFromURLs(config.IdentityProviders.OIDC.CORS.AllowedOrigins)

 		r.OPTIONS(oidc.EndpointPathWellKnownOpenIDConfiguration, policyCORSPublicGET.HandleOPTIONS)
-		r.GET(oidc.EndpointPathWellKnownOpenIDConfiguration, policyCORSPublicGET.Middleware(middlewareOIDC(handlers.OpenIDConnectConfigurationWellKnownGET)))
+		r.GET(oidc.EndpointPathWellKnownOpenIDConfiguration, policyCORSPublicGET.Middleware(bridgeOIDC(handlers.OpenIDConnectConfigurationWellKnownGET)))

 		r.OPTIONS(oidc.EndpointPathWellKnownOAuthAuthorizationServer, policyCORSPublicGET.HandleOPTIONS)
-		r.GET(oidc.EndpointPathWellKnownOAuthAuthorizationServer, policyCORSPublicGET.Middleware(middlewareOIDC(handlers.OAuthAuthorizationServerWellKnownGET)))
+		r.GET(oidc.EndpointPathWellKnownOAuthAuthorizationServer, policyCORSPublicGET.Middleware(bridgeOIDC(handlers.OAuthAuthorizationServerWellKnownGET)))

 		r.OPTIONS(oidc.EndpointPathJWKs, policyCORSPublicGET.HandleOPTIONS)
 		r.GET(oidc.EndpointPathJWKs, policyCORSPublicGET.Middleware(middlewareAPI(handlers.JSONWebKeySetGET)))

 		// TODO (james-d-elliott): Remove in GA. This is a legacy implementation of the above endpoint.
 		r.OPTIONS("/api/oidc/jwks", policyCORSPublicGET.HandleOPTIONS)
-		r.GET("/api/oidc/jwks", policyCORSPublicGET.Middleware(middlewareOIDC(handlers.JSONWebKeySetGET)))
+		r.GET("/api/oidc/jwks", policyCORSPublicGET.Middleware(bridgeOIDC(handlers.JSONWebKeySetGET)))

 		policyCORSAuthorization := middlewares.NewCORSPolicyBuilder().
 			WithAllowedMethods(fasthttp.MethodOptions, fasthttp.MethodGet, fasthttp.MethodPost).
@ -255,13 +255,13 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
 			Build()

 		r.OPTIONS(oidc.EndpointPathAuthorization, policyCORSAuthorization.HandleOnlyOPTIONS)
-		r.GET(oidc.EndpointPathAuthorization, policyCORSAuthorization.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectAuthorization))))
-		r.POST(oidc.EndpointPathAuthorization, policyCORSAuthorization.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectAuthorization))))
+		r.GET(oidc.EndpointPathAuthorization, policyCORSAuthorization.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectAuthorization))))
+		r.POST(oidc.EndpointPathAuthorization, policyCORSAuthorization.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectAuthorization))))

 		// TODO (james-d-elliott): Remove in GA. This is a legacy endpoint.
 		r.OPTIONS("/api/oidc/authorize", policyCORSAuthorization.HandleOnlyOPTIONS)
-		r.GET("/api/oidc/authorize", policyCORSAuthorization.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectAuthorization))))
-		r.POST("/api/oidc/authorize", policyCORSAuthorization.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectAuthorization))))
+		r.GET("/api/oidc/authorize", policyCORSAuthorization.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectAuthorization))))
+		r.POST("/api/oidc/authorize", policyCORSAuthorization.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectAuthorization))))

 		policyCORSToken := middlewares.NewCORSPolicyBuilder().
 			WithAllowCredentials(true).
@ -271,7 +271,7 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
 			Build()

 		r.OPTIONS(oidc.EndpointPathToken, policyCORSToken.HandleOPTIONS)
-		r.POST(oidc.EndpointPathToken, policyCORSToken.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectTokenPOST))))
+		r.POST(oidc.EndpointPathToken, policyCORSToken.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectTokenPOST))))

 		policyCORSUserinfo := middlewares.NewCORSPolicyBuilder().
 			WithAllowCredentials(true).
@ -281,8 +281,8 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
 			Build()

 		r.OPTIONS(oidc.EndpointPathUserinfo, policyCORSUserinfo.HandleOPTIONS)
-		r.GET(oidc.EndpointPathUserinfo, policyCORSUserinfo.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectUserinfo))))
-		r.POST(oidc.EndpointPathUserinfo, policyCORSUserinfo.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectUserinfo))))
+		r.GET(oidc.EndpointPathUserinfo, policyCORSUserinfo.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectUserinfo))))
+		r.POST(oidc.EndpointPathUserinfo, policyCORSUserinfo.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OpenIDConnectUserinfo))))

 		policyCORSIntrospection := middlewares.NewCORSPolicyBuilder().
 			WithAllowCredentials(true).
@ -292,11 +292,11 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
 			Build()

 		r.OPTIONS(oidc.EndpointPathIntrospection, policyCORSIntrospection.HandleOPTIONS)
-		r.POST(oidc.EndpointPathIntrospection, policyCORSIntrospection.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OAuthIntrospectionPOST))))
+		r.POST(oidc.EndpointPathIntrospection, policyCORSIntrospection.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OAuthIntrospectionPOST))))

 		// TODO (james-d-elliott): Remove in GA. This is a legacy implementation of the above endpoint.
 		r.OPTIONS("/api/oidc/introspect", policyCORSIntrospection.HandleOPTIONS)
-		r.POST("/api/oidc/introspect", policyCORSIntrospection.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OAuthIntrospectionPOST))))
+		r.POST("/api/oidc/introspect", policyCORSIntrospection.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OAuthIntrospectionPOST))))

 		policyCORSRevocation := middlewares.NewCORSPolicyBuilder().
 			WithAllowCredentials(true).
@ -306,11 +306,11 @@ func handleRouter(config schema.Configuration, providers middlewares.Providers)
 			Build()

 		r.OPTIONS(oidc.EndpointPathRevocation, policyCORSRevocation.HandleOPTIONS)
-		r.POST(oidc.EndpointPathRevocation, policyCORSRevocation.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OAuthRevocationPOST))))
+		r.POST(oidc.EndpointPathRevocation, policyCORSRevocation.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OAuthRevocationPOST))))

 		// TODO (james-d-elliott): Remove in GA. This is a legacy implementation of the above endpoint.
 		r.OPTIONS("/api/oidc/revoke", policyCORSRevocation.HandleOPTIONS)
-		r.POST("/api/oidc/revoke", policyCORSRevocation.Middleware(middlewareOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OAuthRevocationPOST))))
+		r.POST("/api/oidc/revoke", policyCORSRevocation.Middleware(bridgeOIDC(middlewares.NewHTTPToAutheliaHandlerAdaptor(handlers.OAuthRevocationPOST))))
 	}

 	r.HandleMethodNotAllowed = true
--- a/internal/templates/const.go
+++ b/internal/templates/const.go
@ -9,9 +9,12 @@ const (
 const (
 	TemplateNameEmailIdentityVerification = "IdentityVerification"
 	TemplateNameEmailEvent                = "Event"
+
+	TemplateNameOIDCAuthorizeFormPost = "AuthorizeResponseFormPost.html"
 )

 // Template Category Names.
 const (
 	TemplateCategoryNotifications = "notification"
+	TemplateCategoryOpenIDConnect = "oidc"
 )
--- a/internal/templates/provider.go
+++ b/internal/templates/provider.go
@ -3,7 +3,9 @@ package templates
 import (
 	"embed"
 	"fmt"
-	"text/template"
+	th "html/template"
+	"path"
+	tt "text/template"
 )

 // New creates a new templates' provider.
@ -35,7 +37,7 @@ func (p *Provider) LoadTemplatedAssets(fs embed.FS) (err error) {
 		return err
 	}

-	if p.templates.asset.index, err = template.
+	if p.templates.asset.index, err = tt.
 		New("assets/public_html/index.html").
 		Funcs(FuncMap()).
 		Parse(string(data)); err != nil {
@ -46,7 +48,7 @@ func (p *Provider) LoadTemplatedAssets(fs embed.FS) (err error) {
 		return err
 	}

-	if p.templates.asset.api.index, err = template.
+	if p.templates.asset.api.index, err = tt.
 		New("assets/public_html/api/index.html").
 		Funcs(FuncMap()).
 		Parse(string(data)); err != nil {
@ -57,7 +59,7 @@ func (p *Provider) LoadTemplatedAssets(fs embed.FS) (err error) {
 		return err
 	}

-	if p.templates.asset.api.spec, err = template.
+	if p.templates.asset.api.spec, err = tt.
 		New("api/public_html/openapi.yaml").
 		Funcs(FuncMap()).
 		Parse(string(data)); err != nil {
@ -92,6 +94,11 @@ func (p *Provider) GetIdentityVerificationEmailTemplate() (t *EmailTemplate) {
 	return p.templates.notification.identityVerification
 }

+// GetOpenIDConnectAuthorizeResponseFormPostTemplate returns a Template used to generate the OpenID Connect 1.0 Form Post Authorize Response.
+func (p *Provider) GetOpenIDConnectAuthorizeResponseFormPostTemplate() (t *th.Template) {
+	return p.templates.oidc.formpost
+}
+
 func (p *Provider) load() (err error) {
 	var errs []error

@ -103,6 +110,17 @@ func (p *Provider) load() (err error) {
 		errs = append(errs, err)
 	}

+	var data []byte
+
+	if data, err = embedFS.ReadFile(path.Join("src", TemplateCategoryOpenIDConnect, TemplateNameOIDCAuthorizeFormPost)); err != nil {
+		errs = append(errs, err)
+	} else if p.templates.oidc.formpost, err = th.
+		New("oidc/AuthorizeResponseFormPost.html").
+		Funcs(FuncMap()).
+		Parse(string(data)); err != nil {
+		errs = append(errs, err)
+	}
+
 	if len(errs) != 0 {
 		for i, e := range errs {
 			if i == 0 {
--- a/internal/templates/src/oidc/AuthorizeResponseFormPost.html
+++ b/internal/templates/src/oidc/AuthorizeResponseFormPost.html
@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<title>Submit This Form</title>
+		<script type="text/javascript">
+			window.onload = function() {
+				document.forms[0].submit();
+			};
+		</script>
+	</head>
+	<body>
+		<form method="post" action="{{ .RedirURL }}">
+			{{ range $key,$value := .Parameters }}
+			{{ range $parameter:= $value}}
+			<input type="hidden" name="{{$key}}" value="{{$parameter}}"/>
+			{{end}}
+			{{ end }}
+		</form>
+	</body>
+</html>
--- a/internal/templates/types.go
+++ b/internal/templates/types.go
@ -10,14 +10,21 @@ import (
 type Templates struct {
 	notification NotificationTemplates
 	asset        AssetTemplates
+	oidc         OpenIDConnectTemplates
 }

+type OpenIDConnectTemplates struct {
+	formpost *th.Template
+}
+
+// AssetTemplates are templates for specific key assets.
 type AssetTemplates struct {
 	index *tt.Template
-	api   APIAssetTemplates
+	api   OpenAPIAssetTemplates
 }

-type APIAssetTemplates struct {
+// OpenAPIAssetTemplates are asset templates for the OpenAPI specification.
+type OpenAPIAssetTemplates struct {
 	index *tt.Template
 	spec  *tt.Template
 }
--- a/web/package.json
+++ b/web/package.json
@ -31,13 +31,13 @@
    "axios": "1.2.2",
    "broadcast-channel": "4.20.1",
    "classnames": "2.3.2",
-    "i18next": "22.4.8",
+    "i18next": "22.4.9",
    "i18next-browser-languagedetector": "7.0.1",
    "i18next-http-backend": "2.1.1",
    "qrcode.react": "3.1.0",
    "react": "18.2.0",
    "react-dom": "18.2.0",
-    "react-i18next": "12.1.1",
+    "react-i18next": "12.1.4",
    "react-loading": "2.0.3",
    "react-router-dom": "6.6.1",
    "react18-input-otp": "1.1.2",
@ -156,7 +156,7 @@
    "@typescript-eslint/eslint-plugin": "5.48.0",
    "@typescript-eslint/parser": "5.48.0",
    "@vitejs/plugin-react": "3.0.1",
-    "esbuild": "0.16.14",
+    "esbuild": "0.16.15",
    "esbuild-jest": "0.5.0",
    "eslint": "8.31.0",
    "eslint-config-prettier": "8.6.0",
@ -173,7 +173,7 @@
    "jest-environment-jsdom": "29.3.1",
    "jest-transform-stub": "2.0.0",
    "jest-watch-typeahead": "2.2.1",
-    "prettier": "2.8.1",
+    "prettier": "2.8.2",
    "react-test-renderer": "18.2.0",
    "typescript": "4.9.4",
    "vite": "4.0.4",
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml
@ -28,7 +28,7 @@ specifiers:
  axios: 1.2.2
  broadcast-channel: 4.20.1
  classnames: 2.3.2
-  esbuild: 0.16.14
+  esbuild: 0.16.15
  esbuild-jest: 0.5.0
  eslint: 8.31.0
  eslint-config-prettier: 8.6.0
@ -41,18 +41,18 @@ specifiers:
  eslint-plugin-react: 7.31.11
  eslint-plugin-react-hooks: 4.6.0
  husky: 8.0.3
-  i18next: 22.4.8
+  i18next: 22.4.9
  i18next-browser-languagedetector: 7.0.1
  i18next-http-backend: 2.1.1
  jest: 29.3.1
  jest-environment-jsdom: 29.3.1
  jest-transform-stub: 2.0.0
  jest-watch-typeahead: 2.2.1
-  prettier: 2.8.1
+  prettier: 2.8.2
  qrcode.react: 3.1.0
  react: 18.2.0
  react-dom: 18.2.0
-  react-i18next: 12.1.1
+  react-i18next: 12.1.4
  react-loading: 2.0.3
  react-router-dom: 6.6.1
  react-test-renderer: 18.2.0
@ -79,13 +79,13 @@ dependencies:
  axios: 1.2.2
  broadcast-channel: 4.20.1
  classnames: 2.3.2
-  i18next: 22.4.8
+  i18next: 22.4.9
  i18next-browser-languagedetector: 7.0.1
  i18next-http-backend: 2.1.1
  qrcode.react: 3.1.0_react@18.2.0
  react: 18.2.0
  react-dom: 18.2.0_react@18.2.0
-  react-i18next: 12.1.1_25zoxyjt3sfdpelgxivbzvmrha
+  react-i18next: 12.1.4_iakk3dtjhjpukdoa4oua5khgci
  react-loading: 2.0.3_react@18.2.0
  react-router-dom: 6.6.1_biqbaboplfbrettd7655fr4n2y
  react18-input-otp: 1.1.2_biqbaboplfbrettd7655fr4n2y
@ -106,8 +106,8 @@ devDependencies:
  '@typescript-eslint/eslint-plugin': 5.48.0_k73wpmdolxikpyqun3p36akaaq
  '@typescript-eslint/parser': 5.48.0_iukboom6ndih5an6iafl45j2fe
  '@vitejs/plugin-react': 3.0.1_vite@4.0.4
-  esbuild: 0.16.14
-  esbuild-jest: 0.5.0_esbuild@0.16.14
+  esbuild: 0.16.15
+  esbuild-jest: 0.5.0_esbuild@0.16.15
  eslint: 8.31.0
  eslint-config-prettier: 8.6.0_eslint@8.31.0
  eslint-config-react-app: 7.0.1_hcgtzugqufufn3fem7cpkdlcvu
@ -115,7 +115,7 @@ devDependencies:
  eslint-import-resolver-typescript: 3.5.2_ol7jqilc3wemtdbq3nzhywgxq4
  eslint-plugin-import: 2.26.0_cxu27kyieece4tnvunezm4whiq
  eslint-plugin-jsx-a11y: 6.6.1_eslint@8.31.0
-  eslint-plugin-prettier: 4.2.1_32m5uc2milwdw3tnkcq5del26y
+  eslint-plugin-prettier: 4.2.1_iu5s7nk6dw7o3tajefwfiqfmge
  eslint-plugin-react: 7.31.11_eslint@8.31.0
  eslint-plugin-react-hooks: 4.6.0_eslint@8.31.0
  husky: 8.0.3
@ -123,7 +123,7 @@ devDependencies:
  jest-environment-jsdom: 29.3.1
  jest-transform-stub: 2.0.0
  jest-watch-typeahead: 2.2.1_jest@29.3.1
-  prettier: 2.8.1
+  prettier: 2.8.2
  react-test-renderer: 18.2.0_react@18.2.0
  typescript: 4.9.4
  vite: 4.0.4_@types+node@18.11.18
@ -2414,8 +2414,8 @@ packages:
    resolution: {integrity: sha512-AHPmaAx+RYfZz0eYu6Gviiagpmiyw98ySSlQvCUhVGDRtDFe4DBS0x1bSjdF3gqUDYOczB+yYvBTtEylYSdRhg==}
    dev: false

-  /@esbuild/android-arm/0.16.14:
-    resolution: {integrity: sha512-u0rITLxFIeYAvtJXBQNhNuV4YZe+MD1YvIWT7Nicj8hZAtRVZk2PgNH6KclcKDVHz1ChLKXRfX7d7tkbQBUfrg==}
+  /@esbuild/android-arm/0.16.15:
+    resolution: {integrity: sha512-JsJtmadyWcR+DEtHLixM7bAQsfi1s0Xotv9kVOoXbCLyhKPOHvMEyh3kJBuTbCPSE4c2jQkQVmarwc9Mg9k3bA==}
    engines: {node: '>=12'}
    cpu: [arm]
    os: [android]
@ -2423,8 +2423,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/android-arm64/0.16.14:
-    resolution: {integrity: sha512-hTqB6Iq13pW4xaydeqQrs8vPntUnMjbkq+PgGiBMi69eYk74naG2ftHWqKnxn874kNrt5Or3rQ0PJutx2doJuQ==}
+  /@esbuild/android-arm64/0.16.15:
+    resolution: {integrity: sha512-OdbkUv7468dSsgoFtHIwTaYAuI5lDEv/v+dlfGBUbVa2xSDIIuSOHXawynw5N9+5lygo/JdXa5/sgGjiEU18gQ==}
    engines: {node: '>=12'}
    cpu: [arm64]
    os: [android]
@ -2432,8 +2432,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/android-x64/0.16.14:
-    resolution: {integrity: sha512-jir51K4J0K5Rt0KOcippjSNdOl7akKDVz5I6yrqdk4/m9y+rldGptQUF7qU4YpX8U61LtR+w2Tu2Ph+K/UaJOw==}
+  /@esbuild/android-x64/0.16.15:
+    resolution: {integrity: sha512-dPUOBiNNWAm+/bxoA75o7R7qqqfcEzXaYlb5uJk2xGHmUMNKSAnDCtRYLgx9/wfE4sXyn8H948OrDyUAHhPOuA==}
    engines: {node: '>=12'}
    cpu: [x64]
    os: [android]
@ -2441,8 +2441,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/darwin-arm64/0.16.14:
-    resolution: {integrity: sha512-vrlaP81IuwPaw1fyX8fHCmivP3Gr73ojVEZy+oWJLAiZVcG8o8Phwun/XDnYIFUHxIoUnMFEpg9o38MIvlw8zw==}
+  /@esbuild/darwin-arm64/0.16.15:
+    resolution: {integrity: sha512-AksarYV85Hxgwh5/zb6qGl4sYWxIXPQGBAZ+jUro1ZpINy3EWumK+/4DPOKUBPnsrOIvnNXy7Rq4mTeCsMQDNA==}
    engines: {node: '>=12'}
    cpu: [arm64]
    os: [darwin]
@ -2450,8 +2450,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/darwin-x64/0.16.14:
-    resolution: {integrity: sha512-KV1E01eC2hGYA2qzFDRCK4wdZCRUvMwCNcobgpiiOzp5QXpJBqFPdxI69j8vvzuU7oxFXDgANwEkXvpeQqyOyg==}
+  /@esbuild/darwin-x64/0.16.15:
+    resolution: {integrity: sha512-qqrKJxoohceZGGP+sZ5yXkzW9ZiyFZJ1gWSEfuYdOWzBSL18Uy3w7s/IvnDYHo++/cxwqM0ch3HQVReSZy7/4Q==}
    engines: {node: '>=12'}
    cpu: [x64]
    os: [darwin]
@ -2459,8 +2459,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/freebsd-arm64/0.16.14:
-    resolution: {integrity: sha512-xRM1RQsazSvL42BNa5XC7ytD4ZDp0ZyJcH7aB0SlYUcHexJUKiDNKR7dlRVlpt6W0DvoRPU2nWK/9/QWS4u2fw==}
+  /@esbuild/freebsd-arm64/0.16.15:
+    resolution: {integrity: sha512-LBWaep6RvJm5KnsKkocdVEzuwnGMjz54fcRVZ9d3R7FSEWOtPBxMhuxeA1n98JVbCLMkTPFmKN6xSnfhnM9WXQ==}
    engines: {node: '>=12'}
    cpu: [arm64]
    os: [freebsd]
@ -2468,8 +2468,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/freebsd-x64/0.16.14:
-    resolution: {integrity: sha512-7ALTAn6YRRf1O6fw9jmn0rWmOx3XfwDo7njGtjy1LXhDGUjTY/vohEPM3ii5MQ411vJv1r498EEx2aBQTJcrEw==}
+  /@esbuild/freebsd-x64/0.16.15:
+    resolution: {integrity: sha512-LE8mKC6JPR04kPLRP9A6k7ZmG0k2aWF4ru79Sde6UeWCo7yDby5f48uJNFQ2pZqzUUkLrHL8xNdIHerJeZjHXg==}
    engines: {node: '>=12'}
    cpu: [x64]
    os: [freebsd]
@ -2477,8 +2477,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/linux-arm/0.16.14:
-    resolution: {integrity: sha512-X6xULug66ulrr4IzrW7qq+eq9n4MtEyagdWvj4o4cmWr+JXOT47atjpDF9j5M2zHY0UQBmqnHhwl+tXpkpIb2w==}
+  /@esbuild/linux-arm/0.16.15:
+    resolution: {integrity: sha512-+1sGlqtMJTOnJUXwLUGnDhPaGRKqxT0UONtYacS+EjdDOrSgpQ/1gUXlnze45Z/BogwYaswQM19Gu1YD1T19/w==}
    engines: {node: '>=12'}
    cpu: [arm]
    os: [linux]
@ -2486,8 +2486,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/linux-arm64/0.16.14:
-    resolution: {integrity: sha512-TLh2OcbBUQcMYRH4GbiDkDZfZ4t1A3GgmeXY27dHSI6xrU7IkO00MGBiJySmEV6sH3Wa6pAN6UtaVL0DwkGW4Q==}
+  /@esbuild/linux-arm64/0.16.15:
+    resolution: {integrity: sha512-mRYpuQGbzY+XLczy3Sk7fMJ3DRKLGDIuvLKkkUkyecDGQMmil6K/xVKP9IpKO7JtNH477qAiMjjX7jfKae8t4g==}
    engines: {node: '>=12'}
    cpu: [arm64]
    os: [linux]
@ -2495,8 +2495,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/linux-ia32/0.16.14:
-    resolution: {integrity: sha512-oBZkcZ56UZDFCAfE3Fd/Jgy10EoS7Td77NzNGenM+HSY8BkdQAcI9VF9qgwdOLZ+tuftWD7UqZ26SAhtvA3XhA==}
+  /@esbuild/linux-ia32/0.16.15:
+    resolution: {integrity: sha512-puXVFvY4m8EB6/fzu3LdgjiNnEZ3gZMSR7NmKoQe51l3hyQalvTjab3Dt7aX4qGf+8Pj7dsCOBNzNzkSlr/4Aw==}
    engines: {node: '>=12'}
    cpu: [ia32]
    os: [linux]
@ -2504,8 +2504,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/linux-loong64/0.16.14:
-    resolution: {integrity: sha512-udz/aEHTcuHP+xdWOJmZ5C9RQXHfZd/EhCnTi1Hfay37zH3lBxn/fNs85LA9HlsniFw2zccgcbrrTMKk7Cn1Qg==}
+  /@esbuild/linux-loong64/0.16.15:
+    resolution: {integrity: sha512-ATMGb3eg8T6ZTGZFldlGeFEcevBiVq6SBHvRAO04HMfUjZWneZ/U+JJb3YzlNZxuscJ4Tmzq+JrYxlk7ro4dRg==}
    engines: {node: '>=12'}
    cpu: [loong64]
    os: [linux]
@ -2513,8 +2513,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/linux-mips64el/0.16.14:
-    resolution: {integrity: sha512-kJ2iEnikUOdC1SiTGbH0fJUgpZwa0ITDTvj9EHf9lm3I0hZ4Yugsb3M6XSl696jVxrEocLe519/8CbSpQWFSrg==}
+  /@esbuild/linux-mips64el/0.16.15:
+    resolution: {integrity: sha512-3SEA4L82OnoSATW+Ve8rPgLaKjC8WMt8fnx7De9kvi/NcVbkj8W+J7qnu/tK2P9pUPQP7Au/0sjPEqZtFeyKQQ==}
    engines: {node: '>=12'}
    cpu: [mips64el]
    os: [linux]
@ -2522,8 +2522,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/linux-ppc64/0.16.14:
-    resolution: {integrity: sha512-kclKxvZvX5YhykwlJ/K9ljiY4THe5vXubXpWmr7q3Zu3WxKnUe1VOZmhkEZlqtnJx31GHPEV4SIG95IqTdfgfg==}
+  /@esbuild/linux-ppc64/0.16.15:
+    resolution: {integrity: sha512-8PgbeX+N6vmqeySzyxO0NyDOltCEW13OS5jUHTvCHmCgf4kNXZtAWJ+zEfJxjRGYhVezQ1FdIm7WfN1R27uOyg==}
    engines: {node: '>=12'}
    cpu: [ppc64]
    os: [linux]
@ -2531,8 +2531,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/linux-riscv64/0.16.14:
-    resolution: {integrity: sha512-fdwP9Dc+Kx/cZwp9T9kNqjAE/PQjfrxbio4rZ3XnC3cVvZBjuxpkiyu/tuCwt6SbAK5th6AYNjFdEV9kGC020A==}
+  /@esbuild/linux-riscv64/0.16.15:
+    resolution: {integrity: sha512-U+coqH+89vbPVoU30no1Fllrn6gvEeO5tfEArBhjYZ+dQ3Gv7ciQXYf5nrT1QdlIFwEjH4Is1U1iiaGWW+tGpQ==}
    engines: {node: '>=12'}
    cpu: [riscv64]
    os: [linux]
@ -2540,8 +2540,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/linux-s390x/0.16.14:
-    resolution: {integrity: sha512-++fw3P4fQk9nqvdzbANRqimKspL8pDCnSpXomyhV7V/ISha/BZIYvZwLBWVKp9CVWKwWPJ4ktsezuLIvlJRHqA==}
+  /@esbuild/linux-s390x/0.16.15:
+    resolution: {integrity: sha512-M0nKLFMdyFGBoitxG42kq6Xap0CPeDC6gfF9lg7ZejzGF6kqYUGT+pQGl2QCQoxJBeat/LzTma1hG8C3dq2ocg==}
    engines: {node: '>=12'}
    cpu: [s390x]
    os: [linux]
@ -2549,8 +2549,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/linux-x64/0.16.14:
-    resolution: {integrity: sha512-TomtswAuzBf2NnddlrS4W01Tv85RM9YtATB3OugY6On0PLM4Ksz5qvQKVAjtzPKoLgL1FiZtfc8mkZc4IgoMEA==}
+  /@esbuild/linux-x64/0.16.15:
+    resolution: {integrity: sha512-t7/fOXBUKfigvhJLGKZ9TPHHgqNgpIpYaAbcXQk1X+fPeUG7x0tpAbXJ2wST9F/gJ02+CLETPMnhG7Tra2wqsQ==}
    engines: {node: '>=12'}
    cpu: [x64]
    os: [linux]
@ -2558,8 +2558,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/netbsd-x64/0.16.14:
-    resolution: {integrity: sha512-U06pfx8P5CqyoPNfqIJmnf+5/r4mJ1S62G4zE6eOjS59naQcxi6GnscUCPH3b+hRG0qdKoGX49RAyiqW+M9aSw==}
+  /@esbuild/netbsd-x64/0.16.15:
+    resolution: {integrity: sha512-0k0Nxi6DOJmTnLtKD/0rlyqOPpcqONXY53vpkoAsue8CfyhNPWtwzba1ICFNCfCY1dqL3Ho/xEzujJhmdXq1rg==}
    engines: {node: '>=12'}
    cpu: [x64]
    os: [netbsd]
@ -2567,8 +2567,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/openbsd-x64/0.16.14:
-    resolution: {integrity: sha512-/Jl8XVaWEZNu9rZw+n792GIBupQwHo6GDoapHSb/2xp/Ku28eK6QpR2O9cPBkzHH4OOoMH0LB6zg/qczJ5TTGg==}
+  /@esbuild/openbsd-x64/0.16.15:
+    resolution: {integrity: sha512-3SkckazfIbdSjsGpuIYT3d6n2Hx0tck3MS1yVsbahhWiLvdy4QozTpvlbjqO3GmvtvhxY4qdyhFOO2wiZKeTAQ==}
    engines: {node: '>=12'}
    cpu: [x64]
    os: [openbsd]
@ -2576,8 +2576,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/sunos-x64/0.16.14:
-    resolution: {integrity: sha512-2iI7D34uTbDn/TaSiUbEHz+fUa8KbN90vX5yYqo12QGpu6T8Jl+kxODsWuMCwoTVlqUpwfPV22nBbFPME9OPtw==}
+  /@esbuild/sunos-x64/0.16.15:
+    resolution: {integrity: sha512-8PNvBC+O8X5EnyIGqE8St2bOjjrXMR17NOLenIrzolvwWnJXvwPo0tE/ahOeiAJmTOS/eAcN8b4LAZcn17Uj7w==}
    engines: {node: '>=12'}
    cpu: [x64]
    os: [sunos]
@ -2585,8 +2585,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/win32-arm64/0.16.14:
-    resolution: {integrity: sha512-SjlM7AHmQVTiGBJE/nqauY1aDh80UBsXZ94g4g60CDkrDMseatiqALVcIuElg4ZSYzJs8hsg5W6zS2zLpZTVgg==}
+  /@esbuild/win32-arm64/0.16.15:
+    resolution: {integrity: sha512-YPaSgm/mm7kNcATB53OxVGVfn6rDNbImTn330ZlF3hKej1e9ktCaljGjn2vH08z2dlHEf3kdt57tNjE6zs8SzA==}
    engines: {node: '>=12'}
    cpu: [arm64]
    os: [win32]
@ -2594,8 +2594,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/win32-ia32/0.16.14:
-    resolution: {integrity: sha512-z06t5zqk8ak0Xom5HG81z2iOQ1hNWYsFQp3sczVLVx+dctWdgl80tNRyTbwjaFfui2vFO12dfE3trCTvA+HO4g==}
+  /@esbuild/win32-ia32/0.16.15:
+    resolution: {integrity: sha512-0movUXbSNrTeNf5ZXT0avklEvlJD0hNGZsrrXHfsp9z4tK5xC+apCqmUEZeE9mqrb84Z8XbgGr/MS9LqafTP2A==}
    engines: {node: '>=12'}
    cpu: [ia32]
    os: [win32]
@ -2603,8 +2603,8 @@ packages:
    dev: true
    optional: true

-  /@esbuild/win32-x64/0.16.14:
-    resolution: {integrity: sha512-ED1UpWcM6lAbalbbQ9TrGqJh4Y9TaASUvu8bI/0mgJcxhSByJ6rbpgqRhxYMaQ682WfA71nxUreaTO7L275zrw==}
+  /@esbuild/win32-x64/0.16.15:
+    resolution: {integrity: sha512-27h5GCcbfomVAqAnMJWvR1LqEY0dFqIq4vTe5nY3becnZNu0SX8F0+gTk3JPvgWQHzaGc6VkPzlOiMkdSUunUA==}
    engines: {node: '>=12'}
    cpu: [x64]
    os: [win32]
@ -5136,7 +5136,7 @@ packages:
      is-symbol: 1.0.4
    dev: true

-  /esbuild-jest/0.5.0_esbuild@0.16.14:
+  /esbuild-jest/0.5.0_esbuild@0.16.15:
    resolution: {integrity: sha512-AMZZCdEpXfNVOIDvURlqYyHwC8qC1/BFjgsrOiSL1eyiIArVtHL8YAC83Shhn16cYYoAWEW17yZn0W/RJKJKHQ==}
    peerDependencies:
      esbuild: '>=0.8.50'
@ -5144,39 +5144,39 @@ packages:
      '@babel/core': 7.18.6
      '@babel/plugin-transform-modules-commonjs': 7.18.6_@babel+core@7.18.6
      babel-jest: 26.6.3_@babel+core@7.18.6
-      esbuild: 0.16.14
+      esbuild: 0.16.15
    transitivePeerDependencies:
      - supports-color
    dev: true

-  /esbuild/0.16.14:
-    resolution: {integrity: sha512-6xAn3O6ZZyoxZAEkwfI9hw4cEqSr/o1ViJtnkvImVkblmUN65Md04o0S/7H1WNu1XGf1Cjij/on7VO4psIYjkw==}
+  /esbuild/0.16.15:
+    resolution: {integrity: sha512-v+3ozjy9wyj8cOElzx3//Lsb4TCxPfZxRmdsfm0YaEkvZu7y6rKH7Zi1UpDx4JI7dSQui+U1Qxhfij9KBbHfrA==}
    engines: {node: '>=12'}
    hasBin: true
    requiresBuild: true
    optionalDependencies:
-      '@esbuild/android-arm': 0.16.14
-      '@esbuild/android-arm64': 0.16.14
-      '@esbuild/android-x64': 0.16.14
-      '@esbuild/darwin-arm64': 0.16.14
-      '@esbuild/darwin-x64': 0.16.14
-      '@esbuild/freebsd-arm64': 0.16.14
-      '@esbuild/freebsd-x64': 0.16.14
-      '@esbuild/linux-arm': 0.16.14
-      '@esbuild/linux-arm64': 0.16.14
-      '@esbuild/linux-ia32': 0.16.14
-      '@esbuild/linux-loong64': 0.16.14
-      '@esbuild/linux-mips64el': 0.16.14
-      '@esbuild/linux-ppc64': 0.16.14
-      '@esbuild/linux-riscv64': 0.16.14
-      '@esbuild/linux-s390x': 0.16.14
-      '@esbuild/linux-x64': 0.16.14
-      '@esbuild/netbsd-x64': 0.16.14
-      '@esbuild/openbsd-x64': 0.16.14
-      '@esbuild/sunos-x64': 0.16.14
-      '@esbuild/win32-arm64': 0.16.14
-      '@esbuild/win32-ia32': 0.16.14
-      '@esbuild/win32-x64': 0.16.14
+      '@esbuild/android-arm': 0.16.15
+      '@esbuild/android-arm64': 0.16.15
+      '@esbuild/android-x64': 0.16.15
+      '@esbuild/darwin-arm64': 0.16.15
+      '@esbuild/darwin-x64': 0.16.15
+      '@esbuild/freebsd-arm64': 0.16.15
+      '@esbuild/freebsd-x64': 0.16.15
+      '@esbuild/linux-arm': 0.16.15
+      '@esbuild/linux-arm64': 0.16.15
+      '@esbuild/linux-ia32': 0.16.15
+      '@esbuild/linux-loong64': 0.16.15
+      '@esbuild/linux-mips64el': 0.16.15
+      '@esbuild/linux-ppc64': 0.16.15
+      '@esbuild/linux-riscv64': 0.16.15
+      '@esbuild/linux-s390x': 0.16.15
+      '@esbuild/linux-x64': 0.16.15
+      '@esbuild/netbsd-x64': 0.16.15
+      '@esbuild/openbsd-x64': 0.16.15
+      '@esbuild/sunos-x64': 0.16.15
+      '@esbuild/win32-arm64': 0.16.15
+      '@esbuild/win32-ia32': 0.16.15
+      '@esbuild/win32-x64': 0.16.15
    dev: true

  /escalade/3.1.1:
@ -5407,7 +5407,7 @@ packages:
      semver: 6.3.0
    dev: true

-  /eslint-plugin-prettier/4.2.1_32m5uc2milwdw3tnkcq5del26y:
+  /eslint-plugin-prettier/4.2.1_iu5s7nk6dw7o3tajefwfiqfmge:
    resolution: {integrity: sha512-f/0rXLXUt0oFYs8ra4w49wYZBG5GKZpAYsJSm6rnYL5uVDjd+zowwMwVZHnAjf4edNrKpCDYfXDgmRE/Ak7QyQ==}
    engines: {node: '>=12.0.0'}
    peerDependencies:
@ -5420,7 +5420,7 @@ packages:
    dependencies:
      eslint: 8.31.0
      eslint-config-prettier: 8.6.0_eslint@8.31.0
-      prettier: 2.8.1
+      prettier: 2.8.2
      prettier-linter-helpers: 1.0.0
    dev: true

@ -6181,8 +6181,8 @@ packages:
      - encoding
    dev: false

-  /i18next/22.4.8:
-    resolution: {integrity: sha512-XSOy17ZWqflOiJRYE/dzv6vDle2Se32dnHREHb93UnZzZ1+UnvQ8yKtt1fpNL3zvXz5AwCqqixrtTVZmRetaiQ==}
+  /i18next/22.4.9:
+    resolution: {integrity: sha512-8gWMmUz460KJDQp/ob3MNUX84cVuDRY9PLFPnV8d+Qezz/6dkjxwOaH70xjrCNDO+JrUL25iXfAIN9wUkInNZw==}
    dependencies:
      '@babel/runtime': 7.20.7
    dev: false
@ -8022,8 +8022,8 @@ packages:
      fast-diff: 1.2.0
    dev: true

-  /prettier/2.8.1:
-    resolution: {integrity: sha512-lqGoSJBQNJidqCHE80vqZJHWHRFoNYsSpP9AjFhlhi9ODCJA541svILes/+/1GM3VaL/abZi7cpFzOpdR9UPKg==}
+  /prettier/2.8.2:
+    resolution: {integrity: sha512-BtRV9BcncDyI2tsuS19zzhzoxD8Dh8LiCx7j7tHzrkz8GFXAexeWFdi22mjE1d16dftH2qNaytVxqiRTGlMfpw==}
    engines: {node: '>=10.13.0'}
    hasBin: true
    dev: true
@ -8112,8 +8112,8 @@ packages:
      react: 18.2.0
      scheduler: 0.23.0

-  /react-i18next/12.1.1_25zoxyjt3sfdpelgxivbzvmrha:
-    resolution: {integrity: sha512-mFdieOI0LDy84q3JuZU6Aou1DoWW2fhapcTGeBS8+vWSJuViuoCLQAMYSb0QoHhXS8B0WKUOPpx4cffAP7r/aA==}
+  /react-i18next/12.1.4_iakk3dtjhjpukdoa4oua5khgci:
+    resolution: {integrity: sha512-XQND7jYtgM7ht5PH3yIZljCRpAMTlH/zmngM9ZjToqa+0BR6xuu8c7QF0WIIOEjcMTB2S3iOfpN/xG/ZrAnO6g==}
    peerDependencies:
      i18next: '>= 19.0.0'
      react: '>= 16.8.0 || 18'
@ -8125,9 +8125,9 @@ packages:
      react-native:
        optional: true
    dependencies:
-      '@babel/runtime': 7.20.6
+      '@babel/runtime': 7.20.7
      html-parse-stringify: 3.0.1
-      i18next: 22.4.8
+      i18next: 22.4.9
      react: 18.2.0
      react-dom: 18.2.0_react@18.2.0
    dev: false
@ -9313,7 +9313,7 @@ packages:
        optional: true
    dependencies:
      '@types/node': 18.11.18
-      esbuild: 0.16.14
+      esbuild: 0.16.15
      postcss: 8.4.20
      resolve: 1.22.1
      rollup: 3.7.4