Implement PKCE #76
Comments
jankapunkt
added
compliance 📜
|
There are some PRs in the original repo that contains PKCE implementation -- not saying we should copy and paste these but they can definitely assists us in the implementation. oauthjs/node-oauth2-server#658 <- example |
|
Related: rfc7636 |
|
I started this here: #86 |
|
Hi, if can be of any help, this is the full list of pr related to PKCE, in the original project:
Regards. |
|
@FStefanni @Uzlopak I oriented on oauthjs/node-oauth2-server#658 because the others were targeting a much different state of the code, this was by far the most easy to integrate. Please check out #86 and clone this branch to test locally if you need PKCE as I have currently not the resources to set this up on our systems. |
|
This issue is labeled with high priority. However, it have been open for 10 months. When do you plan to release this? Or must all issues in the v4.3 milestone be completed first? I don't want to stress anything, just would like to have this feature in the library 👍 |
|
Hi @nekman as I stated a few times, we need more people to test this with a real world setup. Just a few days ago someone did and revealed a missing feature which is now added as another PR. If you want to get this feature faster merged then please help out with testing. I have limited resources as I have only the authorization code workflow as setup to test. The other workflows can only be tested by me locally in an artificial environment. You can also help out by reviewing existing pull requests regarding PKCE. I will also try to get this repo into Hacktoberfest (never did this but I see some potential for getting some support). |
|
Thanks for the information @jankapunkt. Of course we should not stress anything. Important to get it right and well tested. I will see what I can do! |
|
implemented in 4.3.0 by PR #86 |
See https://snyk.io/vuln/npm:oauth2-server
oauthjs/node-oauth2-server#452
The text was updated successfully, but these errors were encountered: