New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

don't require client secret when using PKCE #337

Merged

DeepDiver1975 merged 1 commit into master from auth-code-flow

May 31, 2022

Contributor

C0rby commented May 31, 2022

The authorization code flow doesn't require a client secret in case of a public client. Instead, the client needs to use the PKCE extension and send a code challenge / code verifier.
That is why we don't compare the client secret when the client id and code verifier are set in the query parameters.


          don't require client secret when using PKCE

C0rby requested review from IljaN and DeepDiver1975

May 31, 2022 11:54

C0rby self-assigned this

sonarcloud bot commented May 31, 2022

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

0.0% Coverage
0.0% Duplication

IljaN approved these changes

View reviewed changes

Member

IljaN left a comment

LGTM but would also like a ✔️ from @DeepDiver1975

DeepDiver1975 approved these changes

View reviewed changes

DeepDiver1975 merged commit 40b2826 into master

delete-merged-branch bot deleted the auth-code-flow branch

May 31, 2022 13:49

dschmidt mentioned this pull request

oauth2 0.5.3 #330

Closed

42 tasks

jnweiger mentioned this pull request

[QA] 0.5.3 Testplan #329

Closed

This pull request was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet