OAuth support for public clients #3651
Labels
enhancement
Requests for enhancements of existing stuff.
fixed
Bugs that are fixed (in a coming release).
Comments
|
Good suggestion. This will take some changes on Firefly III's side, support for this has been added to Passport only after I started using it. I'll see what I can do. |
|
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
I've been working on a single page app that uses the API. Now I want to use oauth2 flow for single page apps, and from what I understand, the recommendation is to register a public client (one without a secret). Laravel passport seems to have support for it, but in my Firefly-III installation, the secret is mandatory, so I can't create a public client.
Solution
Allow clients without secrets (Ideally force them to use PKCE).
What are alternatives?
I could keep using a personal access token, or search for other alternatives such as having part of my application running on a server.
Additional context
Bonus points
Recommendations for OAuth2 for browser based apps: https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-06
Laravel passport documentation: https://laravel.com/docs/7.x/passport#creating-a-auth-pkce-grant-client (I can't find if PKCE is mandatory for public clients)
The text was updated successfully, but these errors were encountered: