developer-portal icon indicating copy to clipboard operation
developer-portal copied to clipboard
verified publisher icon worldcoin

fix: no auth on /token with PKCE

Open 0xPenryn opened this issue 2 years ago • 1 comments

bypasses the check of the authorization header or client secret on the /token endpoint if the code_verifier param is present, which is only when using auth code flow with PKCE

0xPenryn avatar Sep 18 '23 15:09 0xPenryn

missing test cases, and if you can upgrade to [email protected] for all CI tests to pass

paolodamico avatar Sep 20 '23 19:09 paolodamico

@0xPenryn Close this?

andy-t-wang avatar Jun 06 '24 01:06 andy-t-wang