tpazderka
commented
6 years ago Yes, it looks like a partial implenmentation. The storing of the code_verifier is not handled in the code.
Open bmerry opened 6 years ago
tpazderka
commented
6 years ago Yes, it looks like a partial implenmentation. The storing of the code_verifier is not handled in the code.
Goldziher
commented
3 years ago I assume this issue is stale? If so I will work to add a PR for this in the near future.
schlenk
commented
3 years ago A PR would be welcome.
bmerry
commented
3 years ago We ended up not using OpenID, so this is no longer relevant to me and I don't mind whether it is kept open for a future PR or closed due to my question being answered.
tpazderka
commented
3 years ago I don't mind keeping this open as a TODO.
Goldziher
commented
3 years ago I'm afraid our client requires this, so I will implement this and add a PR.
Goldziher
commented
3 years ago Well, project cancelled. No go.
This is more a question than a bug report. Does pyoidc support PKCE (RFC 7636), and if so, how does one use it? I went digging into the code and found this, which seems to handle adding the code challenge to the authorization request, but the code verifier doesn't seem to be saved anywhere to send with the access token request.