Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add PKCE Verifier for OIDC #2314

Merged
merged 2 commits into from
Dec 22, 2024
Merged

feat: Add PKCE Verifier for OIDC #2314

merged 2 commits into from
Dec 22, 2024

Conversation

Rorical
Copy link
Contributor

@Rorical Rorical commented Dec 22, 2024

From PR #1812 :

To fix the error "Could not exchange code for the token" when using the PKCE method, a verifier should be generated and used during the authentication process.

This change include change in configuration, oidc handling method and documents.

oidc:
  # Optional: PKCE (Proof Key for Code Exchange) configuration
  # PKCE adds an additional layer of security to the OAuth 2.0 authorization code flow
  # by preventing authorization code interception attacks
  # See https://datatracker.ietf.org/doc/html/rfc7636
  pkce:
    # Enable or disable PKCE support (default: false)
    enabled: false
    # PKCE method to use:
    # - plain: Use plain code verifier
    # - S256: Use SHA256 hashed code verifier (default, recommended)
    method: S256

This was referenced Dec 22, 2024
Closed
Draft
kradalby
kradalby approved these changes Dec 22, 2024
View reviewed changes
Copy link
Collaborator

@kradalby kradalby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, I'm off the computer for a few days, could you push the draft as discussed and try to write up an issue for the proxy for later while it is fresh in memory?

@kradalby
Copy link
Collaborator

Could you also add a changelog line?

@Rorical
Copy link
Contributor Author

Rorical commented Dec 22, 2024

Sure, draft is at #2315

@Rorical
Copy link
Contributor Author

Rorical commented Dec 22, 2024

Should this be done in v0.24.0 or Next?

@Rorical
Copy link
Contributor Author

Rorical commented Dec 22, 2024

Should this be done in v0.24.0 or Next?

I mean where should I write this change in changelog

@kradalby
Copy link
Collaborator

0.24 is good

@kradalby kradalby enabled auto-merge (squash) December 22, 2024 16:43
@kradalby kradalby merged commit b81420b into juanfont:main Dec 22, 2024
136 of 137 checks passed
@nblock nblock added this to the v0.24.0 milestone Dec 22, 2024
@Rorical Rorical mentioned this pull request Dec 23, 2024
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kradalby kradalby kradalby approved these changes

@ohdearaugustin ohdearaugustin Awaiting requested review from ohdearaugustin ohdearaugustin is a code owner

@nblock nblock Awaiting requested review from nblock nblock is a code owner

@juanfont juanfont Awaiting requested review from juanfont juanfont is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.24.0
Development

Successfully merging this pull request may close these issues.
3 participants
@Rorical @kradalby @nblock