google / oauth2l

oauth2l ("oauth tool") is a simple CLI for interacting with Google API authentication.
Apache License 2.0

Use Proof Key for Code Exchange with SHA-256 #110

Closed DemiMarie closed 2 years ago

DemiMarie commented 3 years ago

This is a prerequisite for #37, as otherwise oauth2l would be vulnerable to a local information leak attack in certain (rare) scenarios.

andyrzhao commented 2 years ago

OAuth2 golang core lib has just been updated to support PKCE params in the auth handler interface here: https://github.com/golang/oauth2/pull/568. Need one more PR to update oauth2l to use the new PKCE interface. #37 is currently being worked on independently. Both issues should be resolved by end of Q2 2022.

andyrzhao commented 2 years ago

PKCE integration added in #136