
Issue #3266205: Add PKCE flow capabilities for eligible clients

What / Why

  • Add PKCE authorization flow support for eligible clients: Google, Okta, Generic.
  • Add PKCE-related settings to the Client base class and update the config schema. This allows individual clients to declare that they are compatible and enable using PKCE as part of the authorization flow.
  • Rename ::getUrlOptions to ::getAuthorizeRequestOptions to reflect the usage and add logic to add/store the code_verifier value and add the code_challenge value.
    • Use this method again in ::authorize; it was unused
    • Use random_bytes to generate the verifier value for cryptographic randomness
  • Rename ::getRequestOptions to ::getTokenRequestOptions to reflect the usage and add logic to add the stored code_verifier
  • Fix a small grammar error with double "the"s
Edited by Gary Gao
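
The flow this merge request describes (store a random code_verifier, send a code_challenge with the authorization request, send the stored code_verifier with the token request), sketched as an added example that is not the module's code. It assumes the S256 method from RFC 7636; the function names, the `$session` array and all request values are hypothetical or constructed.

```php
<?php
// Added illustration of PKCE (RFC 7636, S256). Not the module's code.

/** URL-safe base64 without padding, the encoding RFC 7636 uses. */
function pkce_base64url(string $bytes): string {
  return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** Client: verifier from the CSPRNG; 32 random bytes encode to 43 chars. */
function pkce_create_verifier(): string {
  return pkce_base64url(random_bytes(32));
}

/** Client: challenge = BASE64URL(SHA256(verifier)). */
function pkce_challenge(string $verifier): string {
  return pkce_base64url(hash('sha256', $verifier, true));
}

/** Authorization server: check the verifier sent to the token endpoint. */
function pkce_verify(string $verifier, string $stored_challenge): bool {
  // RFC 7636 restricts the verifier to 43-128 unreserved characters.
  if (!preg_match('/^[A-Za-z0-9._~-]{43,128}$/', $verifier)) {
    return false;
  }
  // Constant-time comparison against the challenge stored with the code.
  return hash_equals($stored_challenge, pkce_challenge($verifier));
}

$session = []; // constructed stand-in for the client's session storage

// 1. Authorization request: keep the verifier, expose only the challenge.
$session['code_verifier'] = pkce_create_verifier();
$authorize_query = [
  'response_type' => 'code',
  'client_id' => 'example-client', // constructed value
  'code_challenge' => pkce_challenge($session['code_verifier']),
  'code_challenge_method' => 'S256',
];

// 2. Token request: present the stored verifier, then discard it.
$token_form = [
  'grant_type' => 'authorization_code',
  'code' => 'constructed-auth-code', // constructed value
  'code_verifier' => $session['code_verifier'],
];
unset($session['code_verifier']);

// 3. Server check: the matching verifier passes, a fresh one does not.
var_dump(pkce_verify($token_form['code_verifier'], $authorize_query['code_challenge']));
var_dump(pkce_verify(pkce_create_verifier(), $authorize_query['code_challenge']));
```

An intercepted authorization code is useless without the verifier, which never leaves the client until the back-channel token request.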
