Replies: 3 comments
-
Another related discussion: https://github.com/orgs/community/discussions/40077 And documentation issue: github/docs#22270
-
I would love to see support for PKCE as well. It would make a huge difference for JAMStack websites.
-
PR to clarify that PKCE is not supported github/docs#24965
-
GitHub lets you authorize apps using OAuth, but the supported grants require a server, making it difficult for clientside apps.
This requires Jamstack git-backed CMS projects like NetlifyCMS to manage an intermediary server separately: https://www.netlifycms.org/docs/github-backend/ (same with TinaCMS and my project Plenti).
The Implicit Grant type was not allowed because of security issues, but Proof Key for Code Exchange (PKCE) should allow clientside apps to operate securely.
GitLab already implements this in their OAuth 2.0 identity provider API: https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-with-proof-key-for-code-exchange-pkce
Thank you!