aspnet / AspNetKatana

Microsoft's OWIN implementation, the Katana project
Apache License 2.0

Backport ASP.NET Core PKCE Support to OpenIdConnectAuthenticationHandler #389

rzontar closed 3 years ago

rzontar commented 3 years ago

This adds PKCE Support to the OpenIdConnectAuthenticationHandler from #334

The implementation is a port from ASP.NET Core respecting some of the missing APIs: https://github.com/dotnet/aspnetcore/blob/8a81194f372fa6fe63ded2d932d379955854d080/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L386 and https://github.com/dotnet/aspnetcore/blob/8a81194f372fa6fe63ded2d932d379955854d080/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L1134

I've added some unit tests to cover the challenge redirects and tested the implementation using the sandbox and IdentityServer4.

It could be possible to upgrade the IdentityModel.* packages as well. But I'm not aware if this would cause any breaking changes.

Tratcher commented 3 years ago

Thanks for the PR, I should be able to look it over next week.

FYI we don't have any releases scheduled for this product right now, there's no telling when this feature would be released.

We've also temporarily disabled publishing the nightly builds due to an infrastructure change.

rzontar commented 3 years ago

No hurry. We have developed a workaround using the OpenIdConnectAuthenticationNotifications. But there, we have to do some things twice, like parsing and unprotecting the state parameter.

Tratcher commented 3 years ago

Thanks