
Implement PKCE for OAuth2

Open lf- opened this issue 1 year ago • 2 comments

Hi!

OpenGist currently doesn't support PKCE for OAuth2, the lack of which is not super secure. I have gone looking at the underlying library, and it does support it since https://github.com/markbates/goth/commit/7593a5789e88654294f2b9b26757f6429057c7a9, which this project has; implementing it is non-obvious, but here are some relevant issues/PRs:

https://github.com/markbates/goth/issues/516
https://github.com/go-gitea/gitea/pull/21426

Additionally, here is some code, but it seems to be based on an older version of the goth code prior to direct pkce support: https://github.com/mozilla/protodash/blob/cdfb39b44c1bd8fe9d256c97d892b9fd37c88103/pkce/session.go#L43

lf- avatar Feb 29 '24 06:02 lf-
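For readers unfamiliar with what PKCE (RFC 7636) actually adds to the authorization-code flow, the following is an added, stand-alone Go example of the mechanism itself; it is not code from OpenGist, goth, or any of the projects linked above. The client generates a random code_verifier, sends its SHA-256 "S256" code_challenge with the authorization request, and later presents the verifier at the token endpoint; the authorization server recomputes the challenge and rejects the exchange if it does not match, so an intercepted authorization code alone cannot be redeemed. Function names are my own, and the check uses the test vector from RFC 7636 Appendix B.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// NewCodeVerifier returns a fresh PKCE code_verifier: 32 bytes from a
// cryptographic RNG, base64url-encoded without padding, which yields the
// 43-character minimum that RFC 7636 section 4.1 requires.
func NewCodeVerifier() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// CodeChallengeS256 derives the code_challenge that the client sends with
// the authorization request: BASE64URL(SHA256(ASCII(code_verifier)))
// (RFC 7636 section 4.2). Only the challenge ever leaves the client
// before the token request.
func CodeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyS256 is the authorization server's check at the token endpoint:
// the verifier presented alongside the authorization code must hash to the
// challenge that was stored with the original authorization request.
// A missing or out-of-range verifier is rejected before hashing.
func VerifyS256(storedChallenge, presentedVerifier string) error {
	if len(presentedVerifier) < 43 || len(presentedVerifier) > 128 {
		return errors.New("code_verifier missing or outside RFC 7636 length bounds")
	}
	got := CodeChallengeS256(presentedVerifier)
	if subtle.ConstantTimeCompare([]byte(got), []byte(storedChallenge)) != 1 {
		return errors.New("code_verifier does not match stored code_challenge")
	}
	return nil
}

func main() {
	// RFC 7636 Appendix B test vector (verifier and expected challenge).
	const rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
	const rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
	fmt.Println("challenge matches RFC vector:", CodeChallengeS256(rfcVerifier) == rfcChallenge)

	// Full round trip with a freshly generated verifier.
	verifier, err := NewCodeVerifier()
	if err != nil {
		panic(err)
	}
	challenge := CodeChallengeS256(verifier)
	fmt.Println("correct verifier accepted:", VerifyS256(challenge, verifier) == nil)
	// A constructed wrong verifier (what an attacker holding only the code could try).
	wrong, _ := NewCodeVerifier()
	fmt.Println("wrong verifier rejected:", VerifyS256(challenge, wrong) != nil)
}
```

In a web app the verifier is the piece of state that has to survive the redirect: it is created before sending the user to the provider and must be kept server-side in the user's session until the callback, then sent with the code exchange and discarded. If the server does not bind the stored challenge to that specific authorization request (or accepts a token request with no code_verifier when a challenge was registered), the protection is lost, so the verification step above is the one to test when wiring PKCE into a library integration.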

We’d like to set up an instance of OpenGist together with our service: https://weird.one/

..but we need PKCE for the cross-app login to work.

erlend-sh avatar Oct 21 '24 17:10 erlend-sh

Struggling to make PKCE work with Authentik, maybe I'm missing something, if someone could send a PR it would be great :)

thomiceli avatar Oct 24 '24 11:10 thomiceli