
Support for OAuth2 Authorization Code Flow

Open hkusulja opened this issue 2 years ago • 3 comments

As per the Azure AD App update and support, to increase security, please support the new "Authorization Code Flow" with PKCE and CORS instead of the current "Implicit flow". Meaning also, in Azure AD App registration > Authentication settings, migrate from "Web" to "Single-page application" redirect URIs. https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-app-types#single-page-apps-javascript.

hkusulja avatar Jan 13 '22 14:01 hkusulja

This plugin already implements the Authorization Code Flow, and does not implement the Implicit flow.

psignoret avatar Jan 13 '22 15:01 psignoret

Oh, my bad then, thank you for the update. Please confirm that we can safely move Azure AD Authentication from "Web" to "Single-page application" inside the Azure AD portal. Thank you.

hkusulja avatar Jan 13 '22 15:01 hkusulja

No, if you remove the redirect URL from "Web", the plugin will break. This is not a single-page application, so configuring the redirect URL like that would be inappropriate (and it would not work).

I've opened issue #252 to track adding support for PKCE, but the redirect URL would still be "web".

psignoret avatar Jan 13 '22 15:01 psignoret
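The flow psignoret describes above (server-side Authorization Code Flow with a "Web" redirect URI, with PKCE as a future addition) can be illustrated as follows. This is an added example, not code from the aad-sso-wordpress plugin; the tenant, client id, client secret and redirect URI are placeholders, the Azure AD v2.0 authorize/token endpoints are the public Microsoft identity platform URLs, and the `$session` array stands in for whatever server-side session store the application uses. The self-check at the end uses the RFC 7636 Appendix B test vector.

```php
<?php
declare(strict_types=1);

// Base64url without padding, as required for PKCE values (RFC 7636 Appendix A).
function base64url_encode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// code_verifier: 32 random bytes -> 43 unreserved characters (RFC 7636 section 4.1).
function pkce_code_verifier(): string
{
    return base64url_encode(random_bytes(32));
}

// S256 code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) (RFC 7636 section 4.2).
function pkce_code_challenge(string $verifier): string
{
    return base64url_encode(hash('sha256', $verifier, true));
}

// Step 1: authorize request. response_type=code is the authorization code flow;
// the implicit flow would instead request response_type=token or id_token.
// The redirect URI is a server-side ("Web" platform) URI, not an SPA one.
function build_authorize_url(string $tenant, string $clientId, string $redirectUri,
                             string $state, string $challenge): string
{
    $params = [
        'client_id'             => $clientId,
        'response_type'         => 'code',
        'redirect_uri'          => $redirectUri,
        'response_mode'         => 'query',
        'scope'                 => 'openid profile email',
        'state'                 => $state,          // CSRF protection for the callback
        'code_challenge'        => $challenge,
        'code_challenge_method' => 'S256',
    ];
    return "https://login.microsoftonline.com/{$tenant}/oauth2/v2.0/authorize?"
        . http_build_query($params);
}

// Step 2: on the callback, verify state before touching the code. The stored
// verifier is consumed once so it cannot be replayed.
function handle_callback(array &$session, array $query): ?array
{
    if (!isset($query['state'], $query['code'], $session['oauth_state'], $session['pkce_verifier'])
        || !hash_equals($session['oauth_state'], (string) $query['state'])) {
        return null; // state mismatch or missing parameters: reject the callback
    }
    $verifier = $session['pkce_verifier'];
    unset($session['oauth_state'], $session['pkce_verifier']);
    return ['code' => (string) $query['code'], 'verifier' => $verifier];
}

// Step 3: token request body (POST to .../oauth2/v2.0/token). A confidential
// client still sends client_secret; code_verifier is added on top, so a stolen
// authorization code is useless without the verifier held only by this server.
function build_token_request(string $clientId, string $clientSecret, string $redirectUri,
                             string $code, string $verifier): array
{
    return [
        'client_id'     => $clientId,
        'client_secret' => $clientSecret,
        'grant_type'    => 'authorization_code',
        'code'          => $code,
        'redirect_uri'  => $redirectUri,
        'code_verifier' => $verifier,
    ];
}

// Self-check against the RFC 7636 Appendix B test vector (explicit throw rather
// than assert(), since zend.assertions is often disabled in production).
if (pkce_code_challenge('dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
    !== 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM') {
    throw new RuntimeException('PKCE S256 challenge does not match RFC 7636 test vector');
}

// Usage sketch with placeholder values and a constructed callback.
$session  = [];
$verifier = pkce_code_verifier();
$state    = base64url_encode(random_bytes(16));
$session['pkce_verifier'] = $verifier;
$session['oauth_state']   = $state;

$redirectUri = 'https://wordpress.example.invalid/wp-login.php'; // placeholder "Web" redirect URI
echo build_authorize_url('TENANT-ID-PLACEHOLDER', 'CLIENT-ID-PLACEHOLDER', $redirectUri,
                         $state, pkce_code_challenge($verifier)), PHP_EOL;

$result = handle_callback($session, ['state' => $state, 'code' => 'constructed-auth-code']);
if ($result === null) {
    throw new RuntimeException('callback rejected');
}
print_r(build_token_request('CLIENT-ID-PLACEHOLDER', 'CLIENT-SECRET-PLACEHOLDER', $redirectUri,
                            $result['code'], $result['verifier']));
```

The point the thread makes is visible in the request shapes: because the token exchange happens on the server with a client secret, this is a confidential client and the redirect URI belongs on the "Web" platform; switching it to "Single-page application" (which exists for browser clients that exchange the code with CORS and no secret) would break the flow. PKCE layers onto this unchanged, adding only `code_challenge`/`code_challenge_method` to the authorize request and `code_verifier` to the token request.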