Closed Sephster closed 1 year ago
This PR prevents a potential PKCE downgrade attack by rejecting access token requests that contain a `code_verifier` but have not been bound to a `code_challenge`, as per the Internet-Draft OAuth 2.0 Security Best Current Practice.
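A sketch of the token-endpoint check described above, as an added example that is not code from this PR or the project. `StoredAuthCode`, `check_pkce` and `InvalidGrant` are hypothetical names, and the example assumes the server records the challenge alongside the authorization code when it issues it.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


class InvalidGrant(Exception):
    """Token request rejected (maps to the OAuth error "invalid_grant")."""


@dataclass
class StoredAuthCode:
    # What the authorization endpoint recorded when it issued the code.
    code_challenge: Optional[str] = None
    code_challenge_method: Optional[str] = None  # "S256" or "plain"


def s256(verifier: str) -> str:
    # RFC 7636: BASE64URL(SHA256(ASCII(code_verifier))), padding removed.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_pkce(stored: StoredAuthCode, code_verifier: Optional[str]) -> None:
    """Raise InvalidGrant unless the token request is consistent with the code."""
    if stored.code_challenge is None:
        # Downgrade check: a verifier arrived, but the authorization request
        # that produced this code carried no challenge to bind it to.
        if code_verifier is not None:
            raise InvalidGrant("code_verifier sent but no code_challenge was bound")
        return  # non-PKCE flow (assumes server policy allows it for this client)
    if code_verifier is None:
        raise InvalidGrant("code_verifier required")
    method = stored.code_challenge_method or "plain"  # RFC 7636 default
    if method == "S256":
        expected = s256(code_verifier)
    elif method == "plain":
        expected = code_verifier
    else:
        raise InvalidGrant("unsupported code_challenge_method")
    # Constant-time comparison of the derived and stored challenge.
    if not hmac.compare_digest(expected.encode(), stored.code_challenge.encode()):
        raise InvalidGrant("code_verifier does not match code_challenge")
```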