istio-ecosystem / authservice

Move OIDC token acquisition out of your app code and into the Istio mesh
Apache License 2.0

Add support for PKCE #265

Closed gdasson closed 2 weeks ago

gdasson commented 2 weeks ago

This PR adds support for PKCE (Proof Key for Code Exchange) to enhance the security of the OAuth 2.0 Authorization Code flow. It includes generating a code verifier and code challenge, and ensures these parameters are used during the authorization and token exchange processes. This update aligns with OAuth 2.0 best practices and improves compatibility with identity providers that require PKCE.

More details about PKCE here:
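For readers who want to see the mechanism the PR description summarises, the following is an added example (not code from this PR or from authservice) of the PKCE S256 flow in Go: the client generates a random code verifier, sends only the derived challenge on the authorization redirect, keeps the verifier in its session, and releases it on the token exchange, where the authorization server recomputes the challenge and compares. The endpoint, client ID, redirect URI and state values are placeholders chosen for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// NewCodeVerifier returns a high-entropy verifier: 32 random bytes encoded as
// 43 unpadded base64url characters, inside RFC 7636's 43..128 length bounds.
func NewCodeVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// CodeChallengeS256 derives the S256 challenge: BASE64URL(SHA256(verifier)).
func CodeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthorizationURL builds the redirect to the IdP's authorization endpoint.
// Only the challenge travels in the front channel; the verifier stays in the
// client's session until the token request.
func AuthorizationURL(authzEndpoint, clientID, redirectURI, state, challenge string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", "openid")
	q.Set("state", state)
	q.Set("code_challenge", challenge)
	q.Set("code_challenge_method", "S256")
	return authzEndpoint + "?" + q.Encode()
}

// TokenRequestForm builds the body of the code-for-token exchange. The stored
// verifier is released here, so an intercepted code alone cannot be redeemed.
func TokenRequestForm(code, redirectURI, clientID, verifier string) url.Values {
	f := url.Values{}
	f.Set("grant_type", "authorization_code")
	f.Set("code", code)
	f.Set("redirect_uri", redirectURI)
	f.Set("client_id", clientID)
	f.Set("code_verifier", verifier)
	return f
}

// VerifyS256 is the check the authorization server performs on the token
// request: recompute the challenge from the presented verifier and compare it
// in constant time with the challenge bound to the code at authorization time.
func VerifyS256(storedChallenge, presentedVerifier string) bool {
	if l := len(presentedVerifier); l < 43 || l > 128 {
		return false
	}
	got := CodeChallengeS256(presentedVerifier)
	return subtle.ConstantTimeCompare([]byte(got), []byte(storedChallenge)) == 1
}

func main() {
	// Placeholder values for the walkthrough; not real endpoints.
	const authz = "https://idp.example/authorize"
	const clientID, redirect, state = "authservice-demo", "https://app.example/callback", "s-42"

	verifier, err := NewCodeVerifier()
	if err != nil {
		panic(err)
	}
	challenge := CodeChallengeS256(verifier)
	fmt.Println("redirect:", AuthorizationURL(authz, clientID, redirect, state, challenge))

	form := TokenRequestForm("auth-code-from-idp", redirect, clientID, verifier)
	fmt.Println("token request:", form.Encode())
	fmt.Println("server accepts verifier:", VerifyS256(challenge, form.Get("code_verifier")))
	fmt.Println("server accepts wrong verifier:", VerifyS256(challenge, verifier+"x"))
}
```

The verifier must survive the round trip to the IdP, which is why a mesh-side implementation has to persist it alongside the session state (in this PR, the files touched include the session and Redis stores) rather than in memory of a single request.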

nacx commented 2 weeks ago

CI complains about project not being go mod tidied.

Since we have code generation, the check job makes sure there are no changes after regenerating/formatting everything, and fails early if that's not the case.

If you run `make check` locally, it should update what's missing and you can commit that to have that check pass.

codecov-commenter commented 2 weeks ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Please upload report for BASE (main@e99c3eb). Learn more about missing BASE report.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##             main     #265   +/-   ##
=======================================
  Coverage        ?   90.71%
=======================================
  Files           ?       25
  Lines           ?     1615
  Branches        ?        0
=======================================
  Hits            ?     1465
  Misses          ?      107
  Partials        ?       43
```

| Files with missing lines | Coverage Δ | |
|---|---|---|
| [internal/authz/oidc.go](https://app.codecov.io/gh/istio-ecosystem/authservice/pull/265?src=pr&el=tree&filepath=internal%2Fauthz%2Foidc.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=istio-ecosystem#diff-aW50ZXJuYWwvYXV0aHovb2lkYy5nbw==) | `94.10% <100.00%> (ø)` | |
| [internal/oidc/redis.go](https://app.codecov.io/gh/istio-ecosystem/authservice/pull/265?src=pr&el=tree&filepath=internal%2Foidc%2Fredis.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=istio-ecosystem#diff-aW50ZXJuYWwvb2lkYy9yZWRpcy5nbw==) | `75.35% <100.00%> (ø)` | |
| [internal/oidc/session.go](https://app.codecov.io/gh/istio-ecosystem/authservice/pull/265?src=pr&el=tree&filepath=internal%2Foidc%2Fsession.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=istio-ecosystem#diff-aW50ZXJuYWwvb2lkYy9zZXNzaW9uLmdv) | `100.00% <100.00%> (ø)` | |

[Files with missing lines](https://app.codecov.io/gh/istio-ecosystem/authservice/pull/265?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=istio-ecosystem)