Skip to content

0.16.4
Compare
Choose a tag to compare
@aeneasr aeneasr released this 07 Feb 10:02
· 513 commits to master since this release
v0.16.4
4512853
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode. 
handler: Adds PKCE implementation for none and S256 (#246)

This patch adds support for PKCE (https://tools.ietf.org/html/rfc7636) which is used by native apps (mobile) and prevents eavesdropping attacks against authorization codes.

PKCE is enabled by default but not enforced. Challenge method plain is disabled by default. Both settings can be changed using `compose.Config.EnforcePKCE` and `compose.config.EnablePKCEPlainChallengeMethod`.

Closes #213
Assets 2
Loading