Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth 2.0 PKCE challenge (RFC7636) #152

Merged
merged 26 commits into from
Feb 13, 2023
Merged

OAuth 2.0 PKCE challenge (RFC7636) #152

merged 26 commits into from
Feb 13, 2023

Conversation

byewokko
Copy link
Collaborator

@byewokko byewokko commented Feb 2, 2023
edited
Loading

closes #139

PKCE is always enabled in Seacat Auth; it is not necessary to configure the app.

Both plain and S256 code challenge methods are supported.

To be able to use PKCE with your client:

  • Register your client and set its code_challenge_methods attribute to ["S256"] (or ["plain"] if SHA256 is not implemented on the client server)
  • A client is allowed to register only one method at once, i.e. it is not possible to set {"code_challenge_methods": ["S256", "plain"]}

The PKCE code challenge works as described in RFC7636

@byewokko byewokko self-assigned this Feb 2, 2023
@byewokko byewokko requested a review from ateska February 7, 2023 13:07
ateska
ateska requested changes Feb 8, 2023
View reviewed changes
Copy link
Contributor

@ateska ateska left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also include PKCE in the README.md as a supported feature - including link to the PKCE specifications.

seacatauth/client/service.py Outdated Show resolved Hide resolved
@ateska
Copy link
Contributor

ateska commented Feb 8, 2023

https://github.com/TeskaLabs/seacat-auth/blob/main/README.md updated also.

@ateska ateska added the enhancement New feature or request label Feb 8, 2023
@ateska ateska changed the title OAuth PKCE challenge OAuth 2.0 PKCE challenge (RFC7636) Feb 8, 2023
@ateska ateska added this to the Release v23.07 milestone Feb 9, 2023
@byewokko byewokko merged commit b2ff995 into main Feb 13, 2023
@byewokko byewokko deleted the feature/oauth-pkce branch February 13, 2023 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ateska ateska ateska approved these changes

Assignees

@byewokko byewokko

Labels
enhancement New feature or request
Projects
None yet
Milestone
Release v23.07
Development

Successfully merging this pull request may close these issues.

Support PKCE for OAuth 2.0 public clients
2 participants
@byewokko @ateska