Add PKCE verification support #128
Looks good to me. Thanks!
@omniauth/omniauth-oidc Can anyone else review these changes?
lgtm too. I'll close my PR now the improvements have been implemented in this one.
@BobbyMcWho @pboling ping ping this should introduce no changes to people that already have been using #80, except they would now be able to use a version from the master upstream. btw - what do you think about reducing the number of required reviews before workflows are enabled?
I unfortunately don't know much about this strategy, I'll have to find some time to get up to speed on what this proposes.
Here's a good, simple explanation: https://doorkeeper.gitbook.io/guides/ruby-on-rails/pkce-flow and here's a less simplified, but still good, one: https://developer.okta.com/docs/guides/implement-grant-type/authcodepkce/main/#about-the-authorization-code-grant-with-pkce Not supporting PKCE these days excludes you from a lot of OIDC providers.
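For readers following the linked explanations, here is the core of PKCE (RFC 7636) in plain Ruby: client-side generation of a code_verifier and its S256 code_challenge, and the server-side check that binds the token request back to the authorization request. This is an added illustration, not code from this PR or from the omniauth_openid_connect gem; the method names are hypothetical.

```ruby
require 'securerandom'
require 'digest'
require 'base64'

# Client side: a high-entropy code_verifier, 43..128 chars from the
# unreserved set. 32 random bytes -> 43 base64url chars (no padding).
def pkce_code_verifier(bytes = 32)
  Base64.urlsafe_encode64(SecureRandom.random_bytes(bytes), padding: false)
end

# S256 transform: BASE64URL(SHA256(ASCII(code_verifier))), no padding.
# The client sends this challenge with the authorization request and keeps
# the verifier private until the token request.
def pkce_code_challenge(verifier)
  Base64.urlsafe_encode64(Digest::SHA256.digest(verifier), padding: false)
end

# Compare without short-circuiting on the first mismatching byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server side: the token endpoint recomputes the challenge from the
# presented verifier and compares it with the challenge it stored when the
# authorization code was issued. An intercepted code is useless without the
# verifier, which never left the client.
def pkce_verify(stored_challenge, verifier, method = 'S256')
  return false unless verifier.is_a?(String)
  return false unless verifier.length.between?(43, 128)
  return false unless verifier.match?(/\A[A-Za-z0-9\-._~]+\z/)

  expected =
    case method
    when 'S256' then pkce_code_challenge(verifier)
    when 'plain' then verifier # allowed by the RFC, but S256 is preferred
    else return false
    end
  constant_time_equal?(expected, stored_challenge)
end
```

The RFC 7636 Appendix B test vector (verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk, challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM) can be used to check the S256 transform.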
LGTM
I'm going to merge this, but I don't manage releases for this gem. @stanhu looks like the last one who pushed this to rubygems, so I'll defer to them to release.
v0.5.0 has been released.
This is pretty much a 1:1 copy of https://github.com/omniauth/omniauth_openid_connect/pull/80/commits with addressed PR suggestions and removed unused code.
You may want to review it with ?w=1 appended to the URL - it'll make reading much easier. Also, there's one small improvement to the original PR: https://github.com/omniauth/omniauth_openid_connect/pull/128/files#diff-ee829bbbbd9d35ee93126d96347fffbfa8756868001c1d4ad6aff9c4650e8151R251
This allows providing a parameter in case one does not use sessions.