zitadel-oidc/pkg
Ayato c51628ea27
feat(op): always verify code challenge when available (#721)
Finally, the RFC Best Current Practice for OAuth 2.0 Security has been approved.

According to the RFC:

> Authorization servers MUST support PKCE [RFC7636].
> 
> If a client sends a valid PKCE code_challenge parameter in the authorization request, the authorization server MUST enforce the correct usage of code_verifier at the token endpoint.

Isn’t it time we strengthen PKCE support a bit more?

This PR updates the logic so that PKCE is always verified, even when the Auth Method is not "none".
2025-03-24 18:00:04 +02:00
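The rule quoted from the BCP above is easy to get wrong at the token endpoint: the question is not "is this a public client?" but "was a code_challenge bound to this authorization code?". The following is an added illustration written for this page, not code from zitadel/oidc; the type and function names (CodeChallenge, tokenExchangeBefore, tokenExchangeAfter, AuthMethod) are hypothetical, and tokenExchangeBefore is a simplified sketch of the gate described in the commit message, not the library's prior implementation. The test vector is the code_verifier/code_challenge pair from RFC 7636 Appendix B.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// AuthMethod is the client authentication method used at the token endpoint.
// Hypothetical type for this example; not the library's own.
type AuthMethod string

const (
	AuthMethodNone  AuthMethod = "none"                // public client
	AuthMethodBasic AuthMethod = "client_secret_basic" // confidential client
)

// CodeChallenge is what the authorization server stored alongside the
// authorization code when the /authorize request carried PKCE parameters.
// Challenge is empty when the client sent no code_challenge.
type CodeChallenge struct {
	Challenge string
	Method    string // "S256" or "plain" (RFC 7636 section 4.3)
}

var (
	ErrVerifierMissing  = errors.New("invalid_grant: code_verifier required")
	ErrVerifierInvalid  = errors.New("invalid_grant: code_verifier malformed")
	ErrVerifierMismatch = errors.New("invalid_grant: code_verifier does not match code_challenge")
)

// s256 computes BASE64URL(SHA256(ASCII(code_verifier))) per RFC 7636 section 4.2.
func s256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// validVerifierSyntax enforces the RFC 7636 section 4.1 shape: 43..128 unreserved characters.
func validVerifierSyntax(v string) bool {
	if len(v) < 43 || len(v) > 128 {
		return false
	}
	for _, c := range v {
		ok := (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
			c == '-' || c == '.' || c == '_' || c == '~'
		if !ok {
			return false
		}
	}
	return true
}

// verifyCodeChallenge checks the presented code_verifier against the stored challenge.
func verifyCodeChallenge(stored CodeChallenge, verifier string) error {
	if verifier == "" {
		return ErrVerifierMissing
	}
	if !validVerifierSyntax(verifier) {
		return ErrVerifierInvalid
	}
	var expected string
	switch stored.Method {
	case "S256":
		expected = s256(verifier)
	case "plain", "": // RFC 7636: method defaults to "plain" when absent
		expected = verifier
	default:
		return ErrVerifierMismatch
	}
	if subtle.ConstantTimeCompare([]byte(expected), []byte(stored.Challenge)) != 1 {
		return ErrVerifierMismatch
	}
	return nil
}

// tokenExchangeBefore sketches the weaker gate: PKCE only checked for public clients,
// so a confidential client's stored challenge is silently ignored.
func tokenExchangeBefore(method AuthMethod, stored CodeChallenge, verifier string) error {
	if method != AuthMethodNone {
		return nil
	}
	return verifyCodeChallenge(stored, verifier)
}

// tokenExchangeAfter follows the BCP: if a challenge was bound to the code, the
// verifier is enforced regardless of how the client authenticated.
func tokenExchangeAfter(method AuthMethod, stored CodeChallenge, verifier string) error {
	if stored.Challenge == "" {
		return nil // client never sent code_challenge; nothing to enforce
	}
	return verifyCodeChallenge(stored, verifier)
}

func main() {
	// RFC 7636 Appendix B vector.
	const verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
	stored := CodeChallenge{Challenge: s256(verifier), Method: "S256"}
	wrong := strings.Repeat("a", 43) // constructed attacker-supplied verifier
	fmt.Println("confidential client, wrong verifier, old gate:", tokenExchangeBefore(AuthMethodBasic, stored, wrong))
	fmt.Println("confidential client, wrong verifier, new gate:", tokenExchangeAfter(AuthMethodBasic, stored, wrong))
	fmt.Println("confidential client, correct verifier, new gate:", tokenExchangeAfter(AuthMethodBasic, stored, verifier))
}
```

The difference between the two gates is visible on the second line of output: with the stored challenge present, a confidential client that hands in a stolen code with the wrong (or no) code_verifier is rejected, which is exactly the injection case PKCE exists to stop. A code issued without a code_challenge still exchanges normally, so clients that do not use PKCE are unaffected.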
Directory   Last commit                                                              Date
client      fix: migrate deprecated io/ioutil.ReadFile to os.ReadFile (#714)         2025-02-21 09:52:02 +00:00
crypto      feat(crypto): hash algorithm for EdDSA (#638)                            2024-08-21 07:32:13 +00:00
http        feat: return oidc.Error in case of call token failure (#571)             2024-04-01 13:55:22 +00:00
oidc        fix: ignore empty json strings for locale (#678)                         2025-03-14 10:30:08 +00:00
op          feat(op): always verify code challenge when available (#721)             2025-03-24 18:00:04 +02:00
strings     refactor: mark pkg/strings as deprecated in favor of stdlib (#680)       2024-11-15 18:47:32 +02:00