PKCE

@KtorZ KtorZ released this 17 Feb 23:22
· 21 commits to master since this release
d4d3132

Diff

---- ADDED MODULES - MINOR ----

    OAuth.AuthorizationCode.PKCE


---- OAuth.AuthorizationCode - MAJOR ----

    Added:
        type alias AuthorizationCode = String.String
    
    Changed:
      - type alias AuthorizationSuccess =
            { code : String, state : Maybe String }
      + type alias AuthorizationSuccess =
            { code : OAuth.AuthorizationCode.AuthorizationCode
            , state : Maybe.Maybe String.String
            }
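
Review bot: in the `AuthorizationSuccess` change, `code` is now typed as `AuthorizationCode`, but the Added section declares that as `type alias AuthorizationCode = String.String`, so the field still accepts any `String`, and a `state` value or any other string can be passed where a code is expected without a compiler error. If the intent is to keep authorization codes from being mixed up with other strings, an opaque type with an explicit constructor would enforce that; if the alias is only for readability, say so in the module documentation, since this is flagged as a MAJOR change.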

Commits

  • f1f648a add support for RFC7636 - Proof Key for Code Exchange

    OAuth 2.0 public clients utilizing the Authorization Code Grant are
    susceptible to the authorization code interception attack. This
    specification describes the attack as well as a technique to mitigate against
    the threat through the use of Proof Key for Code Exchange (PKCE, pronounced
    "pixy").

  • 3dc3c9d remove double dependency on base64 and favor only one

  • 6199c78 several doc revisions on all grants (diagrams, type description, etc.)

  • 0d969a0 put PKCE as recommended in README and start reviewing demos / guides

  • b712fcd rework examples

    • Add auth0 example with authorization code and PKCE support
    • Add facebook example
    • Make them more readable and avoid unrelated code in examples
    • Add README to summarize information

  • 68383cf revise deployment scripts, in particular examples