Skip to content

Issue #3266205: Add PKCE flow capabilities for eligible clients

What / Why

  • Add PKCE authorization flow support for eligible clients: Google, Okta, Generic.
  • Add PKCE related settings to the Client base class and update the config schema. This allows individual clients to declare that they are compatible and enable using PKCE as part of the authorization flow.
  • Rename ::getUrlOptions to ::getAuthorizeRequestOptions to reflect the usage and add logic to add/store the code_verifier value and add the code_challenge value
    • Use this method again in ::authorize, it was unused
    • Use random_bytes to generate the verifier value for cryptographic randomness
  • Rename ::getRequestOptions to ::getTokenRequestOptions to reflect the usage and add logic to add the stored code_verifier
  • Fix a small grammar error with double "the"s
Edited by Gary Gao

Merge request reports

Loading