Closed zhaohuabing closed 4 days ago
I know some might say that because the request is coming from the server side, PKCE isn't necessary; however, it improves the overall security posture of the implementation.
cc @mattklein123 @derekargueta
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.
Title: OAuth2 filter: Proof Key for Code Exchange (PKCE)
Description:
PKCE (Proof Key for Code Exchange) is an extension to the OAuth 2.0 authorization code flow that can prevent the authorization code interception attack. Implementing it can significantly enhance the security of the OAuth2 filter.
[optional Relevant Links:]
Proof Key for Code Exchange by OAuth Public Clients
@arkodg @missBerg