Issue #3266205: Add PKCE flow capabilities for eligible clients (!59) · Merge requests · project / openid_connect · GitLab

Snippets Groups Projects

Closed Gary Gao requested to merge issue/openid_connect-3266205:3266205-pkce-flow-2022-10--2.x into 3.x 2 years ago

What / Why

Add PKCE authorization flow support for eligible clients: Google, Okta, Generic.
Add PKCE related settings to the Client base class and update the config schema. This allows individual clients to declare that they are compatible and enable using PKCE as part of the authorization flow.
- Allow selecting S256 and plain code_challenge transformation methods per https://www.rfc-editor.org/rfc/rfc7636#section-4.2. Use S256 as a good default but allow plain as it is supported by some providers like Google
Rename ::getUrlOptions to ::getAuthorizeRequestOptions to reflect the usage and add logic to add/store the code_verifier value and add the code_challenge value
- Use this method again in ::authorize, it was unused
- Use random_bytes to generate the verifier value for cryptographic randomness
Rename ::getRequestOptions to ::getTokenRequestOptions to reflect the usage and add logic to add the stored code_verifier
Fix a small grammar error with double "the"s

Edited 2 years ago by Gary Gao

Activity

Gary Gao changed title from Add PKCE flow capabilities for eligible clients to Issue #3266205: Add PKCE flow capabilities for eligible clients 2 years ago

changed title from Add PKCE flow capabilities for eligible clients to Issue #3266205: Add PKCE flow capabilities for eligible clients
Gary Gao added 1 commit 2 years ago
added 1 commit

9cb50b6a - Fix error in copy-n-paste value for session remove call

Compare with previous version
Gary Gao changed the description 2 years ago

changed the description
Gary Gao added 4 commits 2 years ago
added 4 commits

2b8627c3 - Add PKCE settings and property indicator on ClientBase

4b34e2e3 - Update ClientBase for PKCE flow

a8f8d276 - Mark Google, Okta, Generic clients as PKCE compatible

7dc7f647 - Fix a small grammar error

Compare with previous version
Toggle commit list
Gary Gao changed the description 2 years ago

changed the description
Gary Gao added 1 commit 2 years ago
added 1 commit

ec71b33d - Specify drupal/externalauth dependency in composer

Compare with previous version
João Ventura added 1 commit 2 years ago
added 1 commit

67b280c1 - Revert "Specify drupal/externalauth dependency in composer"

Compare with previous version
Gary Gao added 5 commits 2 years ago
added 5 commits

67b280c1...9e365f0c - 4 commits from branch project:2.x

a50f5a92 - Merge remote-tracking branch 'origin/2.x' into 3266205-pkce-flow-2022-10--2.x

Compare with previous version
Gary Gao changed target branch from 2.x to 3.x 1 year ago

changed target branch from 2.x to 3.x
João Ventura closed 8 months ago

closed

Please register or sign in to reply