cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
zitadel-oidc/example/server
History
Ayato c51628ea27
feat(op): always verify code challenge when available (#721) 
Finally the RFC Best Current Practice for OAuth 2.0 Security has been approved.

According to the RFC:

> Authorization servers MUST support PKCE [RFC7636].
> 
> If a client sends a valid PKCE code_challenge parameter in the authorization request, the authorization server MUST enforce the correct usage of code_verifier at the token endpoint.

Isn’t it time we strengthen PKCE support a bit more?

This PR updates the logic so that PKCE is always verified, even when the Auth Method is not "none".
2025-03-24 18:00:04 +02:00
..
config feat(example): Allow configuring some parameters with env variables (#663) 2024-10-21 20:59:28 +02:00
dynamic chore(op): upgrade go-chi/chi to v5 (#462) 2023-10-16 11:02:56 +02:00
exampleop feat(op): always verify code challenge when available (#721) 2025-03-24 18:00:04 +02:00
storage feat(op): always verify code challenge when available (#721) 2025-03-24 18:00:04 +02:00
main.go feat: add redirect URI-s ENV setting to web clients (#693) 2025-01-03 08:27:01 +00:00
service-key1.json docs(example): implement OpenID Provider (#165) 2022-04-21 17:54:00 +02:00