Closed READ10 closed 1 year ago
I should have mentioned that this requires the most recent django-allauth from git, what's available from pypi isn't new enough.
Thank you for taking the time to consider this change. Please. see https://github.com/iMerica/dj-rest-auth/blob/master/README.md#a-note-on-django-allauth-from-imerica
@iMerica I read through your Readme notes and I still don't quite understand the rejection reason for this request. This was a rejection of a security improvement which is part of the Oauth standard and not an allauth specific feature.
django-allauth has implemented support for PKCE. This RFC PR adds the necessary code_verifier field to the serializer. I've tested it with Google, but I'd like feedback on whether this is something you'd consider merging before I spend more time on it.