author: Denys Konovalov <kontakt@denyskon.de> 2023-06-03 05:59:28 +0200
committer: GitHub <noreply@github.com> 2023-06-03 05:59:28 +0200
commit: 7d855efb1fe6b97c5d87492f67ed6aefd31b2474
tree: f980b82bcbadeb8c6ed6c2fe13f540a838bc619b /options/license/mpich2
parent: 7fca4056c424889488993e0226d6622e6b4fe098
Allow for PKCE flow without client secret + add docs (#25033)

The PKCE flow according to [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure authorization without the requirement to provide a client secret for the OAuth app.

It has been implemented in Gitea since #5378 (v1.8.0), however without being able to omit the client secret. Since #21316 Gitea supports setting the client type at OAuth app registration.

As public clients are already forced to use PKCE since #21316, in this PR the client secret check is skipped if a public client is detected. As Gitea seems to implement PKCE authorization correctly according to the spec, this would allow for the PKCE flow without providing a client secret.

Also add some docs for it, please check language as I'm not a native English speaker.

Closes #17107
Closes #25047

Diffstat (limited to 'options/license/mpich2')
0 files changed, 0 insertions, 0 deletions
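
The token-endpoint decision the commit message describes, as an added Go example that is not Gitea's code: a confidential client must present its secret, while a public client skips the secret check and is held to the RFC 7636 `code_verifier` proof instead. `Client`, `CheckTokenRequest` and the error strings are hypothetical names, and this sketch accepts only the `S256` challenge method.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// Client is a hypothetical type for this example, not Gitea's.
type Client struct {
	Confidential bool
	SecretHash   [32]byte // SHA-256 for brevity; store a password hash in practice
}

// S256Challenge computes BASE64URL(SHA256(code_verifier)), RFC 7636 section 4.2.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// CheckTokenRequest decides whether an authorization code may be redeemed.
// challenge is the code_challenge stored when the code was issued.
func CheckTokenRequest(c Client, challenge, secret, verifier string) error {
	if c.Confidential {
		got := sha256.Sum256([]byte(secret))
		if subtle.ConstantTimeCompare(got[:], c.SecretHash[:]) != 1 {
			return errors.New("invalid_client")
		}
		if challenge == "" {
			return nil // confidential client that did not use PKCE
		}
	} else if challenge == "" {
		return errors.New("invalid_request") // no secret, so PKCE is mandatory
	}
	if len(verifier) < 43 || len(verifier) > 128 { // RFC 7636 section 4.1 limits
		return errors.New("invalid_grant")
	}
	want := S256Challenge(verifier)
	if subtle.ConstantTimeCompare([]byte(want), []byte(challenge)) != 1 {
		return errors.New("invalid_grant")
	}
	return nil
}

func main() {
	v := "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk" // RFC 7636 Appendix B verifier
	fmt.Println(CheckTokenRequest(Client{}, S256Challenge(v), "", v))
}
```

The comparison that matters for a public client is the last one: without a secret, the only thing binding the token request to the original authorization request is that the presented verifier hashes to the stored challenge.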