zitadel-oidc/example/client
Ayato c51628ea27
feat(op): always verify code challenge when available (#721)
Finally the RFC Best Current Practice for OAuth 2.0 Security has been approved.

According to the RFC:

> Authorization servers MUST support PKCE [RFC7636].
> 
> If a client sends a valid PKCE code_challenge parameter in the authorization request, the authorization server MUST enforce the correct usage of code_verifier at the token endpoint.

Isn’t it time we strengthen PKCE support a bit more?

This PR updates the logic so that PKCE is always verified, even when the Auth Method is not "none".
2025-03-24 18:00:04 +02:00
api chore(op): upgrade go-chi/chi to v5 (#462) 2023-10-16 11:02:56 +02:00
app feat(op): always verify code challenge when available (#721) 2025-03-24 18:00:04 +02:00
device chore(example): add device package level documentation (#510) 2024-01-08 10:21:28 +01:00
github upgrade this module to v3 2023-03-20 13:38:21 +02:00
service Merge branch 'next' into next-main 2023-10-12 16:07:49 +03:00