Missing code challenge #13
Comments
This has to be deprecated... gin-server piggybacks on go-oauth2/oauth2, and I currently use the latest version of the latter in conjunction with gin-server.
It's definitely working. Just tested with Postman, plus the code for token validation does this:

```go
func (m *Manager) validateCodeChallenge(ti oauth2.TokenInfo, ver string) error {
	cc := ti.GetCodeChallenge()
	// early return
	if cc == "" && ver == "" {
		return nil
	}
	if cc == "" {
		return errors.ErrMissingCodeVerifier
	}
	if ver == "" {
		return errors.ErrMissingCodeVerifier
	}
	ccm := ti.GetCodeChallengeMethod()
	if ccm.String() == "" {
		ccm = oauth2.CodeChallengePlain
	}
	if !ccm.Validate(cc, ver) {
		return errors.ErrInvalidCodeChallenge
	}
	return nil
}
```
However, it only works if you send the client_secret with the token request, which shouldn't be required for mobile apps, for example. Added a PR in oauth2: go-oauth2/oauth2#230
As far as I can see, there is no code challenge available in this package, although go-oauth2/oauth2 provides it.
Can someone explain to me how to use it inside this package, or provide a statement on whether this feature will be added in the future?
Thanks in advance.
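
For readers following the thread, a stand-alone sketch of the PKCE check (RFC 7636) that the quoted `validateCodeChallenge` performs. This is an added example, not part of the thread and not go-oauth2/oauth2 code; the names `S256Challenge`, `CheckPKCE` and the error values are hypothetical, and unlike the quoted function it rejects unknown methods explicitly.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// Hypothetical error values for this sketch, not the library's own.
var (
	ErrMissing          = errors.New("code challenge or code verifier missing")
	ErrInvalidChallenge = errors.New("invalid code challenge")
)

// S256Challenge is BASE64URL(SHA256(verifier)) without padding (RFC 7636, 4.2).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// CheckPKCE compares the challenge stored with the code against the verifier.
func CheckPKCE(challenge, method, verifier string) error {
	switch {
	case challenge == "" && verifier == "":
		return nil // PKCE was not used for this authorization code
	case challenge == "" || verifier == "":
		return ErrMissing
	}
	expected := verifier // "plain": the challenge is the verifier itself
	switch method {
	case "", "plain": // empty method falls back to plain, as in the thread
	case "S256":
		expected = S256Challenge(verifier)
	default:
		return ErrInvalidChallenge // unknown method: reject rather than guess
	}
	if subtle.ConstantTimeCompare([]byte(expected), []byte(challenge)) != 1 {
		return ErrInvalidChallenge
	}
	return nil
}

func main() {
	v := "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk" // RFC 7636 Appendix B vector
	fmt.Println(S256Challenge(v), CheckPKCE(S256Challenge(v), "S256", v))
}
```

Because the check passes when neither a challenge nor a verifier is present, a public client is only covered by PKCE if the authorization server also requires a challenge at the authorize step.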