envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0

OAuth2 filter: Proof Key for Code Exchange (PKCE) #35230

Closed zhaohuabing closed 4 days ago

zhaohuabing commented 1 month ago

Title: OAuth2 filter: Proof Key for Code Exchange (PKCE)

Description:

Describe the desired behavior, what scenario it enables and how it would be used.

PKCE (Proof Key for Code Exchange) is an extension to the OAuth 2.0 authorization code flow that can prevent the authorization code interception attack. Implementing it can significantly enhance the security of the OAuth2 filter.

[optional Relevant Links:]

Any extra documentation required to understand the issue.

Proof Key for Code Exchange by OAuth Public Clients

@arkodg @missBerg
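As an added illustration of the mechanism this request describes (example code, not Envoy's filter and not the issue author's), the following Python models both sides of the S256 PKCE exchange from RFC 7636: the client keeps the code_verifier, sends only the code_challenge with the authorization request, and the server binds the issued code to that challenge. The `AuthorizationServer` class and `run_flow` are simplified stand-ins assumed for the demonstration.

```python
import base64
import hashlib
import secrets
from typing import Dict, Optional, Tuple


def make_verifier(nbytes: int = 32) -> str:
    # RFC 7636 section 4.1: 43..128 unreserved chars; 32 random bytes -> 43 chars after
    # unpadded base64url encoding.
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def s256_challenge(verifier: str) -> str:
    # RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthorizationServer:
    """Minimal stand-in for the AS: records the challenge at /authorize, checks it at /token."""

    def __init__(self) -> None:
        self._codes: Dict[str, Tuple[str, str]] = {}  # code -> (challenge, method)

    def authorize(self, challenge: str, method: str = "S256") -> str:
        code = secrets.token_urlsafe(16)
        self._codes[code] = (challenge, method)
        return code

    def token(self, code: str, verifier: Optional[str]) -> bool:
        entry = self._codes.pop(code, None)  # codes are single-use
        if entry is None or verifier is None:
            return False
        challenge, method = entry
        if method != "S256":  # "plain" gives no protection against an intercepted challenge
            return False
        # Constant-time comparison of the recomputed challenge against the stored one.
        return secrets.compare_digest(s256_challenge(verifier), challenge)


def run_flow() -> Tuple[bool, bool]:
    # Legitimate flow: the client that generated the verifier redeems the code.
    asrv = AuthorizationServer()
    verifier = make_verifier()
    code = asrv.authorize(s256_challenge(verifier))
    legit_ok = asrv.token(code, verifier)
    # Interception scenario: a second flow whose code leaks; the holder lacks the verifier.
    verifier2 = make_verifier()
    leaked_code = asrv.authorize(s256_challenge(verifier2))
    intercept_ok = asrv.token(leaked_code, make_verifier())  # guessed verifier, rejected
    return legit_ok, intercept_ok
```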

missBerg commented 1 month ago

I know some might say that because the request is coming from the server side, PKCE isn't necessary; however, it improves the overall security posture of the implementation.

KBaichoo commented 1 month ago

cc @mattklein123 @derekargueta

github-actions[bot] commented 1 week ago

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions[bot] commented 4 days ago

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.