-
### Summary
As per OIDC spec [9. ClientAuthentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication) one of the client authentication method is `none` hence we shoul…
-
# Requirement
PKCE (Proof Key for Code Exchange by OAuth Public Clients)
- RFC 7636
https://tools.ietf.org/html/rfc7636
- Is it necessary to corresponde for RFC 7636 ?
- Can the ASP.NET Ide…
-
This implementation forces `code_verifier` to be exactly 32 (ASCII) characters long. However, according to [RFC 7636 § 4.1](https://tools.ietf.org/html/rfc7636#section-4.1), the `code_verifier` is ex…
-
I would love to see support for [RFC 7636](https://tools.ietf.org/html/rfc7636) built into Hydra. I currently have some dependency on it for an existing client and it is something would prevent me fro…
-
Is it planned that CF UAA supports public clients (clients without any secret) using "token_endpoint_auth_method"="none" (RFC 7591) and PKCE (RFC 7636) ?
Thanks,
Sebastian
-
The CryptTrait currently gets used for encrypting/decrypting the Authorization Code and Refresh Token. Curiously, it uses the private key to encrypt and the public key to decrypt, rather than the othe…
-
See [RFC-7636](https://tools.ietf.org/html/rfc7636)
-
[RFC 7636](https://tools.ietf.org/html/rfc7636) adds a mechanism to protect the auth code in a way that makes it (nearly) impossible for a MITM attacker to hijack it.
-
According to [RFC 7636](https://tools.ietf.org/html/rfc7636#section-7.2) , "The use of 'S256' protects against disclosure of the 'code_verifier' value to an attacker.", but isn't that as a client app,…
-
magmad.so is not being generated when I use build.lin.sh load
How do I get this file to be generated?