Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not set clientSecret for CODE-PKCE #4184

Merged

Conversation

trejjam
Copy link
Contributor

@trejjam trejjam commented Oct 17, 2022

Hi, my oauth server is complaining that I send client_secret when using code flow with PKCE. This PR should resolve the issue

@RicoSuter RicoSuter merged commit 24763ac into RicoSuter:master Sep 27, 2023
@RicoSuter
Copy link
Owner

I need to revert this PR as it breaks our application.
With the improved revert just dont specify clientSecret and it should not be an issue in your case.

@trejjam
Copy link
Contributor Author

trejjam commented Jan 17, 2024

Ok, no problem.

I am curious, how it can break the application

@trejjam trejjam deleted the feature/oauth-pkce-without-client-secret branch January 17, 2024 08:57
@RicoSuter
Copy link
Owner

In our case we need the secret and usePkceWithAuthorizationCodeGrant = true, dont ask me why...
With the changes it should support your case (usePkceWithAuthorizationCodeGrant = true and no secret) and also the (usePkceWithAuthorizationCodeGrant = true and a secret) case.

@trejjam
Copy link
Contributor Author

trejjam commented Jan 17, 2024

Got it, thanks :)

lahma pushed a commit to lahma/NSwag that referenced this pull request Jan 20, 2024
lahma pushed a commit to lahma/NSwag that referenced this pull request Jun 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants