Edge Cases

Malformed tokens, encoding attacks, and boundary analysis.

Requirements Coverage

REQ-TOKEN-006

Block tokens with malformed characters

REQ-PROXY-011

Never follow HTTP redirects from upstream

REQ-SEC-003

Prevent session fixation attacks

Test Examples

EDGE-001 BLOCKED

Malformed token rejected

Sample Request

# Token with newline characters in JWT
# ALG detects malformed structure before forwarding

Expected Response

{"error":"server_error","error_description":"Malformed token detected"}
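
The structural check behind EDGE-001, as an added example that is not the page's or the ALG's own code. It rejects any token containing an ASCII control character (a CR or LF inside a bearer token would otherwise split the forwarded Authorization header and let the caller smuggle extra header lines upstream), requires three base64url segments, and decodes the header and payload as JSON objects before the token is forwarded. Signature verification is assumed to be Keycloak's job, so only the token's shape is checked here; the alg=none rejection, the helper names, and the constructed HS256 sample token are assumptions of this example, not behaviour the page specifies.

```python
"""Structural pre-check for bearer tokens before an ALG forwards them upstream.

Added example, not the page's or the ALG project's code. Assumes the ALG relays
the token in an Authorization header and that the upstream issuer (Keycloak)
verifies the signature; the ALG only refuses tokens that are not well-formed
compact JWS (RFC 7515).
"""
import base64
import hashlib
import hmac
import json
import re

# Alphabet of an unpadded base64url segment (RFC 4648 section 5).
_B64URL = re.compile(r"^[A-Za-z0-9_-]+$")
# Any ASCII control character; CR/LF in particular would terminate the
# forwarded Authorization header line and inject further header lines.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# Error body the page lists as the expected response for EDGE-001.
MALFORMED_RESPONSE = {"error": "server_error",
                      "error_description": "Malformed token detected"}


def b64url_encode_json(obj) -> str:
    """Compact JSON, base64url without padding (used to build sample tokens)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that compact serialization strips.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_jwt_structure(token):
    """Return (True, "ok") for a structurally sound compact JWS, else (False, reason).

    Only the token's shape is validated; signature validity is left to the
    upstream issuer. Rejecting alg=none is an added hardening choice.
    """
    if not isinstance(token, str) or not token:
        return False, "empty token"
    if _CONTROL.search(token):
        return False, "control character in token"
    if not token.isascii():
        return False, "non-ASCII character in token"
    parts = token.split(".")
    if len(parts) != 3:
        return False, "expected 3 dot-separated segments, got %d" % len(parts)
    for name, seg in zip(("header", "payload", "signature"), parts):
        if not _B64URL.fullmatch(seg):
            return False, "%s segment is not base64url" % name
    try:
        header = json.loads(_b64url_decode(parts[0]))
        payload = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # binascii.Error and UnicodeDecodeError are ValueErrors
        return False, "header/payload is not valid JSON: %s" % exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return False, "header and payload must be JSON objects"
    if not isinstance(header.get("alg"), str) or header["alg"].lower() == "none":
        return False, "missing or forbidden alg"
    return True, "ok"


def gate(token):
    """ALG decision: the error body if the token is blocked, None if it may be forwarded."""
    ok, _reason = check_jwt_structure(token)
    return None if ok else dict(MALFORMED_RESPONSE)


def make_sample_token(secret: bytes = b"constructed-demo-secret") -> str:
    """Build a constructed HS256 token so the example runs offline (hypothetical claims)."""
    signing_input = (b64url_encode_json({"alg": "HS256", "typ": "JWT"}) + "."
                     + b64url_encode_json({"sub": "alice", "iss": "keycloak"}))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()


if __name__ == "__main__":
    good = make_sample_token()
    cases = {
        "well-formed": good,
        "newline inside token": good[:40] + "\n" + good[40:],
        "CRLF header injection": good + "\r\nX-Forwarded-For: 10.0.0.1",
        "two segments": good.rsplit(".", 1)[0],
        "standard base64 alphabet": "+" + good,
        "alg none": b64url_encode_json({"alg": "none"}) + "." + good.split(".")[1] + ".x",
    }
    for label, tok in cases.items():
        ok, reason = check_jwt_structure(tok)
        print("%-26s %s %s" % (label, "FORWARD" if ok else "BLOCK  ", reason))
```

The check runs on the raw string before any header is built, which is the point: once a CR/LF-bearing value has been written into an outbound Authorization header the upstream request is already split, so the order of the control-character test relative to decoding matters more than the decoding itself.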

EDGE-002 BLOCKED

Upstream redirect not followed

Sample Request

# Keycloak returns 302 redirect
# ALG passes it through unchanged, never follows

Expected Response

HTTP/1.1 302 Found
Location: https://keycloak.internal/auth/...