Add client side implementation for PKCE #741
Comments
I am working on this feature. Feel free to get in touch for any comments.
Created PR --> #743
This looks like a security issue, is it going to be fixed in the next release?
I have raised the above PR. Should be fixed when it's approved.
Hi, I do have the same issue in jupyterhub requirements dependencies. May I know in which release version this PR fix will be merged?
Client-side PKCE for OAuth2 RFC 7636 is required for applications to have secure communication with the authorization server. OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack. PKCE mitigates this issue by adding an extra challenge/verifier parameter with each request it sends to the server.