enable PKCE by default #807
I see a few possible solutions here:
If possible, (1) would probably be the best solution, but if not, I would go with (3) as the next best option, as PKCE is not a strict requirement for private IdPs. I'd love to hear what everyone thinks before making a decision, though.
@edward-ly: my intention was to change the default in case Please allow some comments on your list: as described in the issue I would appreciate
With #740, PKCE was disabled by default. According to different sources, PKCE is more secure and recommended for all sorts of clients:
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-16#section-2.1.1
In general, the IdP MUST advertise PKCE support, and user_oidc should dynamically adapt rather than hard-coding one variant or the other:
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-16#section-2.1.1
Please reverse the use_pkce setting and enable PKCE by default:
in order
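The "dynamically adapt" behaviour the issue asks for is what the draft's metadata requirement makes possible: an authorization server that supports PKCE advertises it in its discovery document under code_challenge_methods_supported, so a relying party can pick S256 when it is listed instead of relying on a hard-coded use_pkce flag. The following is an added example, not code from user_oidc or Nextcloud: a small stand-alone relying-party side in Python that reads that field, derives the code_verifier/code_challenge pair per RFC 7636, builds the authorization and token requests, and also shows the check the IdP performs on the other side. The two discovery documents, the client_id, redirect URI and the three-valued use_pkce setting ("auto", "always", "never") are all constructed for the illustration and are not user_oidc's actual configuration keys.

```python
"""Discovery-driven PKCE for an OIDC relying party (added example, not user_oidc code)."""
import base64
import hashlib
import secrets
from typing import Optional, Tuple
from urllib.parse import urlencode

# Constructed discovery documents standing in for two IdPs (not fetched from anywhere).
IDP_WITH_PKCE = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "code_challenge_methods_supported": ["S256", "plain"],
}
IDP_WITHOUT_PKCE = {  # older IdP that says nothing about PKCE
    "issuer": "https://legacy-idp.example.com",
    "authorization_endpoint": "https://legacy-idp.example.com/authorize",
    "token_endpoint": "https://legacy-idp.example.com/token",
}


def b64url(data: bytes) -> str:
    """base64url without padding, as RFC 7636 requires for verifier and challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier() -> str:
    """32 random octets -> 43-character code_verifier (RFC 7636 allows 43..128)."""
    return b64url(secrets.token_bytes(32))


def make_challenge(verifier: str, method: str) -> str:
    """Derive code_challenge from code_verifier for the given method."""
    if method == "S256":
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError(f"unsupported code_challenge_method {method!r}")


def choose_pkce_method(discovery: dict, use_pkce: str = "auto") -> Optional[str]:
    """Pick the PKCE method from the IdP's advertised list.

    use_pkce is a hypothetical setting: "auto" follows the discovery document,
    "always" sends S256 regardless (an AS that ignores PKCE drops unknown
    parameters), "never" disables it. "plain" is never chosen, since falling
    back to it would be a downgrade from S256.
    """
    if use_pkce == "never":
        return None
    if use_pkce == "always":
        return "S256"
    advertised = discovery.get("code_challenge_methods_supported", [])
    return "S256" if "S256" in advertised else None


def build_authorization_request(discovery: dict, client_id: str, redirect_uri: str,
                                state: str, nonce: str, use_pkce: str = "auto") -> Tuple[str, Optional[str]]:
    """Return (authorization URL, code_verifier). The verifier must be kept in the
    server-side session until the token exchange; None means PKCE was not used."""
    method = choose_pkce_method(discovery, use_pkce)
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "scope": "openid", "state": state, "nonce": nonce}
    verifier = None
    if method is not None:
        verifier = make_verifier()
        params["code_challenge"] = make_challenge(verifier, method)
        params["code_challenge_method"] = method
    return discovery["authorization_endpoint"] + "?" + urlencode(params), verifier


def build_token_request(discovery: dict, client_id: str, code: str, redirect_uri: str,
                        verifier: Optional[str]) -> Tuple[str, dict]:
    """Form body for the code exchange; code_verifier is sent only if PKCE was started."""
    params = {"grant_type": "authorization_code", "code": code,
              "redirect_uri": redirect_uri, "client_id": client_id}
    if verifier is not None:
        params["code_verifier"] = verifier
    return discovery["token_endpoint"], params


def idp_verifies(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """What the authorization server checks at the token endpoint: the verifier
    presented with the code must hash to the challenge bound to that code."""
    expected = make_challenge(presented_verifier, stored_method)
    return secrets.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    for idp in (IDP_WITH_PKCE, IDP_WITHOUT_PKCE):
        url, verifier = build_authorization_request(idp, "nextcloud", "https://nc.example.com/cb",
                                                    state="s1", nonce="n1")
        print(idp["issuer"], "->", "PKCE S256" if verifier else "no PKCE")
        print("  ", url)
        endpoint, body = build_token_request(idp, "nextcloud", "code-from-callback",
                                             "https://nc.example.com/cb", verifier)
        print("   POST", endpoint, body)
```

With "auto", the relying party sends code_challenge and code_challenge_method=S256 only to the first IdP; the second gets a plain authorization-code request, which is the behaviour the issue argues for instead of a static on/off default.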