request #14800 Opportunistic PKCE support of OIDC provider

Infos

Artifact ID#14800

Submitted byThomas Gerbet (tgerbet)

Last Modified On2020-04-22 12:31

Submitted on2020-04-20 12:41

Rank16073

Details

Summary *

Opportunistic PKCE support of OIDC provider

Original Submission

While PKCE is not part of the OIDC spec (a similar protection is added by the state parameter), it becomes more frequent to have authorization servers that support it or even enforce its usage (it makes sense for an authorization server that also support standard OAuth2 clients).
Since adding PKCE is additive we could add it, authorization servers supporting it while do the verification others will do nothing.

https://tools.ietf.org/html/rfc7636

CategoryAuthentication & LDAP

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2020-04-21

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #14800

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/56/18756/4' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 8d10ca8505

Joris MASSON (jmasson) , 2020-04-21 17:41

request #14800: Add support of the PKCE [0] to the OIDC client plugin caf6b3434e

Thomas Gerbet (tgerbet) , 2020-04-21 15:22

Generated PKCE code verifier is too small a9ef3d1fa9

Thomas Gerbet (tgerbet) , 2020-04-22 11:57

Show items referenced by request #14800

Referenced by request #14800

Artifact Tracker v5

rel #14681 11.14

Other

Follow-ups

Joris MASSON (jmasson)

2020-04-22 12:31

gerrit #18807 integrated into Tuleap 11.13.99.199

Joris MASSON (jmasson)

2020-04-21 17:44

gerrit #18756 integrated into Tuleap 11.13.99.191

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #14681
Close date set to 2020-04-21

Thomas Gerbet (tgerbet)

2020-04-20 12:42

See gerrit #18756.

Status changed from Under implementation to Under review