-
### Environment
```
System:
OS: macOS 14.5
CPU: (10) arm64 Apple M1 Max
Memory: 857.22 MB / 32.00 GB
Shell: 5.9 - /bin/zsh
Binaries:
Node: 20.12.0 - /usr/local/bin/node
…
-
### What happened?
When I try to log in with tidal-dl-ng login or start a GUI version (both installed from pip and downloaded from releases) I get error about some JSON.
I already tried to use thi…
-
[Relying Parties](https://infosec.mozilla.org/guidelines/iam/openid_connect.html) is OIDC-speak for web apps.
#### Requirements.
- [OIDC](https://developer.okta.com/blog/2019/10/21/illustrated-g…
-
PKCE is the new recommended flow to replace implicit flow in order to reduce security risks associated with leaking the secret key.
Is PKCE already supported? If not, can you make a sketch on how t…
-
Per the current [OAuth 2.0 Security Best Current Practice](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-19#section-2.1.1):
```
Clients MUST prevent injection (replay) of au…
-
Hi there,
This example repo appears to have a security flaw.
During the login process, you call set_pkce_challenge during the initial oauth call, however during exchange_code, you do not call s…
-
Hi, the plugin is working perfectly with iOS and Android.
I was running my app under web develop mode, with Chrome, but I have 1 error calling:
```
var client = await oauth2.resourceOwnerPasswor…
-
The [OAuth 2.0 for Browser-Based Apps](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps-10) specification details the security considerations and best practices when developin…
-
Token handler on PCKE flow is not verifying code_verifier and expecting client_secret.
Providing client_secret will defeat PKCE flow.
Please assist.
-
Some OAuth 2.0 servers and the [OAuth 2.1](https://oauth.net/2.1/) draft specification require PKCE, but IdentityModel lacks a method to derive an `S256` code challenge from a code verifier, so I have…