-
Per the current [OAuth 2.0 Security Best Current Practice](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.1.1):
```
Clients MUST prevent injection (replay) of au…
```
-
> This issue has been addressed in #2

That doesn't really fix the problem.
The code verifier should not be a hardcoded value, it's supposed to be unique for each request...
These values **are…
-
# Bug
Current EVE SSO implementation of /v2/oauth/token endpoint for PKCE uses unnecessary BASE64URL-ENCODING for _code_verifier_ parameter.
According to [RFC 7636 Proof Key for Code Exchange by…
-
**Why have you chosen OAuth 1.0a instead of OAuth 2.0 ([RFC 6749](https://tools.ietf.org/html/rfc6749))?** OAuth 1.0a is a futureless specification.
Many specifications have been standardized based o…
-
Hi,
How do we extend this framework to support code_verifier and code_challenge functionality specified in RFC 7636 (Proof Key for Code Exchange) PKCE?
The code_challenge needs to be persisted alo…
-
This is more a question than a bug report. Does pyoidc support PKCE (RFC 7636), and if so, how does one use it? I went digging into the code and found [this](https://github.com/OpenIDC/pyoidc/blob/69a…
-
## links
- [ ] [[TODO] [feature] Nim error messages should show line contents, would save lots of debugging time · Issue #7586 · nim-lang/Nim](https://github.com/nim-lang/Nim/issues/7586)
- [ ] [[TO…
-
## Summary
Add support for [RFC 7636: Proof Key for Code Exchange](https://oauth.net/2/pkce/) (PKCE).
## Additional Context
PKCE was originally designed to protect the authorization code flow…
-
Some authentication issues to find a resolution to in the Solid-OIDC and Solid protocol specs, in order of priority:
(Auth 1) Essential for Solid-OIDC: RFC 9207 should be adopted to avoid identity …
-
Does the current gov.br solution support access tokens being obtained directly by [_public clients_](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1), an SPA for example?
A priori,…