owncloud / oauth2

🔐 Application for using OAuth 2.0 in ownCloud
GNU Affero General Public License v3.0

don't require client secret when using PKCE #337

Closed C0rby closed 2 years ago

C0rby commented 2 years ago

The authorization code flow doesn't require a client secret in case of a public client. Instead, the client needs to use the PKCE extension and send a code challenge / code verifier. That is why we don't compare the client secret when the client id and code verifier are set in the query parameters.

/cc @dschmidt
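The rule the comment describes, as an added illustration that is not the ownCloud oauth2 app's own code (the app is PHP; this is a stand-alone Python sketch with hypothetical in-memory `CLIENTS` and `CODES` registries and hypothetical function names). A confidential client must present its secret at the token endpoint; a public client has no secret, so the authorization code is bound to a PKCE `code_challenge` at issue time and the token request must carry the matching `code_verifier`. The example keys the decision on how the client is registered rather than on which parameters happen to be present in the request, so a confidential client cannot skip its secret just by adding a verifier, and it invalidates the code on first use so a failed or replayed exchange cannot be retried.

```python
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Client:
    client_id: str
    secret: Optional[str]      # None marks a public client (no secret to keep)
    redirect_uri: str


@dataclass
class AuthCode:
    client_id: str
    redirect_uri: str
    code_challenge: Optional[str]
    code_challenge_method: Optional[str]   # "S256" or "plain" (RFC 7636)
    used: bool = False


# Hypothetical registries standing in for the app's database (constructed sample data).
CLIENTS: Dict[str, Client] = {
    "web-app": Client("web-app", "s3cr3t-confidential", "https://app.example/cb"),
    "desktop": Client("desktop", None, "http://127.0.0.1:8080/cb"),
}
CODES: Dict[str, AuthCode] = {}


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def issue_code(client_id: str, redirect_uri: str,
               code_challenge: Optional[str] = None,
               method: Optional[str] = None) -> str:
    """Authorization endpoint: bind a fresh code to the client and its PKCE challenge."""
    client = CLIENTS[client_id]
    if redirect_uri != client.redirect_uri:
        raise ValueError("redirect_uri does not match registration")
    if client.secret is None and code_challenge is None:
        raise ValueError("public client must send code_challenge")
    if code_challenge is not None and method not in ("S256", "plain"):
        raise ValueError("unsupported code_challenge_method")
    code = secrets.token_urlsafe(32)
    CODES[code] = AuthCode(client_id, redirect_uri, code_challenge, method)
    return code


def verify_pkce(stored: AuthCode, verifier: Optional[str]) -> bool:
    """Recompute the challenge from the presented verifier and compare in constant time."""
    if stored.code_challenge is None:
        return True                      # code was not PKCE-bound (confidential client only)
    if verifier is None or not 43 <= len(verifier) <= 128:
        return False                     # RFC 7636 verifier length bounds
    if stored.code_challenge_method == "S256":
        expected = s256_challenge(verifier)
    else:
        expected = verifier              # "plain": challenge equals the verifier
    return hmac.compare_digest(expected, stored.code_challenge)


def exchange_code(code: str, client_id: str, redirect_uri: str,
                  client_secret: Optional[str] = None,
                  code_verifier: Optional[str] = None) -> bool:
    """Token endpoint: True if the code may be exchanged for tokens."""
    client = CLIENTS.get(client_id)
    stored = CODES.get(code)
    if client is None or stored is None or stored.used:
        return False
    stored.used = True                   # single use, whether or not the rest succeeds
    if stored.client_id != client_id or stored.redirect_uri != redirect_uri:
        return False
    if client.secret is not None:
        # Confidential client: the secret is required even if a verifier was also sent.
        if client_secret is None or not hmac.compare_digest(client_secret, client.secret):
            return False
    # Public clients have no secret; PKCE is the proof that the same party
    # started the flow. Confidential clients that opted into PKCE must pass it too.
    return verify_pkce(stored, code_verifier)


if __name__ == "__main__":
    verifier = secrets.token_urlsafe(48)
    code = issue_code("desktop", "http://127.0.0.1:8080/cb", s256_challenge(verifier), "S256")
    print("public client with PKCE:", exchange_code(code, "desktop", "http://127.0.0.1:8080/cb",
                                                    code_verifier=verifier))
```

The "plain" method is kept only because the spec allows it; a server that can require S256 should, since a plain challenge leaks the verifier to anyone who sees the authorization request.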

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!

Bug: A, 0 Bugs
Vulnerability: A, 0 Vulnerabilities
Security Hotspot: A, 0 Security Hotspots
Code Smell: A, 0 Code Smells

Coverage: 0.0%
Duplication: 0.0%