ex_oauth2_provider icon indicating copy to clipboard operation
ex_oauth2_provider copied to clipboard

Published 20 hours ago verified publisher icon danschultzer

[PKCE] Enable For Code Grant

Open robotarmy opened this issue 6 years ago • 8 comments
trafficstars

Work in Progress:

Goal : config can enable pkce for response_type:code.

TODO: update schema. persist code_challenge_method , code_challenge. process code_verifier before token generation.

robotarmy avatar Aug 07 '19 01:08 robotarmy

@danschultzer Hi!

If you have any thoughts about the direction of this code - let me know!

Also - what version of elixir are you developing with. I have been using erlang 22.0 and elixir 1.9.1.

It would be possible to run elixir-format however I know it will modify the whitespace that has been manually injected in certain areas - Is it tolerable for you to accept elixir-format based auto-format?

Best,

Curtis

robotarmy avatar Aug 07 '19 01:08 robotarmy

Hey, any plan on finishing/merging this? PKCE support would be great.

lucacorti avatar May 16 '20 16:05 lucacorti

@danschultzer please give the PR a look According to the oAuth 2 Security BCP, PKCE is a requirement, not just recommendation

chvanikoff avatar Jul 07 '20 16:07 chvanikoff

According to the oAuth 2 Security BCP, PKCE is a requirement, not just recommendation

Good to know! I'll review this again, and get PKCE support in ASAP.

danschultzer avatar Jul 08 '20 06:07 danschultzer

@danschultzer, is there any update on this PR? Thanks!

deepankar-j avatar Aug 05 '20 12:08 deepankar-j

@danschultzer any updates here?

ericdude4 avatar Nov 11 '20 16:11 ericdude4

@danschultzer I'd be great to have PKCE support, cheers!

follmann avatar Feb 04 '21 11:02 follmann

~~If anyone is interested I have my own PKCE implementation on my fork while my PR gets reviewed.~~

EDIT: I'm no longer maintaining my fork

Ross65536 avatar Aug 22 '21 16:08 Ross65536