logto-io / logto

🧑‍🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
https://logto.io
Mozilla Public License 2.0
7.86k stars 386 forks

feat(core): third-party applications are not allowed for token exchange #6100

Closed wangsijie closed 1 week ago

wangsijie commented 3 weeks ago

Summary

For security concerns, third-party applications are not allowed for token exchange.

Testing

Unit and integration tests.

Checklist

github-actions[bot] commented 3 weeks ago

COMPARE TO master

Total Size Diff :chart_with_upwards_trend: +1.46 KB

Diff by File

| Name | Diff |
|---|---|
| packages/core/src/oidc/grants/token-exchange.test.ts | :chart_with_upwards_trend: +399 Bytes |
| packages/core/src/oidc/grants/token-exchange.ts | :chart_with_upwards_trend: +299 Bytes |
| packages/integration-tests/src/tests/api/oidc/token-exchange.test.ts | :chart_with_upwards_trend: +799 Bytes |