Closed DonMartin76 closed 4 years ago
When verifying the code_challenge/code_verifier for the OAuth2 PKCE extension, wicked's authorization server does not base64-urlencode encode the expected output. This means that the check is sometimes valid, sometimes not.
When verifying the code_challenge/code_verifier for the OAuth2 PKCE extension, wicked's authorization server does not base64-urlencode encode the expected output. This means that the check is sometimes valid, sometimes not.