-
I'm dealing with an Authorization Server that requires PKCE, but only supports the `plain` challenge method. For this reason, out-of-the-box RFC7636 support does not do the trick for me, since it only hand…
-
I would like to report several security vulnerabilities that I found while using this OAuth server library.
The vulnerabilities and their consequences are listed as follows:
**Vulnerability 1:…
-
[This issue is imported from pivotal - Originally created at Apr 26, 2019 by Okke Harsta](https://www.pivotaltracker.com/story/show/165638846)
Implement Proof Key for Code Exchange by OAuth Public Cli…
-
It seems to me that the auth part in the library is meant to be used with JWT (which I disagree with using in most web apps, but this is another story) and docs don't show how to make a custom auth provid…
-
### Description
The OAuth2 topic of the developer documentation does not mention that PKCE is supported.
Relevant comment by night that mentions PKCE support: https://github.com/discord/discord-ap…
-
### Problem description
_No response_
### Feature description
https://www.humblebundle.com/membership/collection
This is a collection of 50+ games available to monthly subscribers. New games get a…
-
### Answers checklist.
- [X] I have read the documentation [ESP-IDF Programming Guide](https://docs.espressif.com/projects/esp-idf/en/latest/) and the issue is not addressed there.
- [X] I have up…
-
I'm trying to use PKCE with the authorization code flow. It seems like the auth code flow requires you to use HTTP Basic auth to send along `client_id` and `client_secret` (so you must store `client_s…
-
**Is your feature request related to a problem? Please describe it.**
Our OAuth2 Vendor only supports public application Authorization Code flow with [PKCE](https://tools.ietf.org/html/rfc7636) suppo…
-
Token handler on PKCE flow is not verifying code_verifier and expecting client_secret.
Providing client_secret will defeat PKCE flow.
Please assist.