Open bythewood opened 3 years ago
This already exists.
Does it? As far as I can see the latest release only supports client/server secrets for OAuth, which is implicit flow. You're probably thinking of OAuth providers (not sources), for which Gitea does support Private Key JWT and PKCE.
I've re-opened this, but it may require some changes in https://github.com/markbates/goth upstream before we can support it.
@techknowlogick Is this supported now?
Currently authentication sources for OAuth2 only support shared secrets (implicit flow), which is not recommended for security reasons. Recommend implementation of Private Key JWT and/or PKCE for OAuth2 authentication sources.