Implement PKCE for OAuth2 #227

Open
lf- opened this issue Feb 29, 2024 · 0 comments
Labels
enhancement New feature or request

lf- commented Feb 29, 2024

Hi!

OpenGist currently doesn't support PKCE for OAuth2, the lack of which is not super secure. I have gone looking at the underlying library and it does support it since markbates/goth@7593a57, which this project has, but implementing it is nonobvious. Here are some relevant issues/PRs:

markbates/goth#516
go-gitea/gitea#21426

Additionally, here is some code, but it seems to be based on an older version of the goth code prior to direct PKCE support: https://github.com/mozilla/protodash/blob/cdfb39b44c1bd8fe9d256c97d892b9fd37c88103/pkce/session.go#L43
