greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0

feature: PKCE challenge #334

Open Hero9909 opened 5 months ago

Hero9909 commented 5 months ago

A clear and concise description of what you want the system to do.

Within the OAuth2 authorization flow it would be great to support the PKCE challenge, as it improves the security. I was noticing this because Kanidm enforces this by default.

What are the Caddyfile directives that need to be added.

Add Caddyfile directive:

{
  security {
    oauth identity provider generic {
      use_pkce true|false
    }
  }
}