[fapi] [PAR] PKCE required #5973

leleueri · 2021-08-06T16:31:50Z

FAPI1-Advanced-Final requires servers to reject PAR requests that do not use PKCE.
See https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server item 18

fixes gravitee-io/issues#5973

leleueri added project: AM type: enhancement labels Aug 6, 2021

leleueri added this to the AM - 3.11.0 milestone Aug 6, 2021

leleueri mentioned this issue Aug 11, 2021

Fapi conformance gravitee-io/gravitee-access-management#1313

Merged

tcompiegne changed the title ~~[FAPI][PAR] PKCE required~~ [fapi] [PAR] PKCE required Aug 13, 2021

leleueri added a commit to gravitee-io/gravitee-access-management that referenced this issue Sep 1, 2021

fix: check PKCE is used for FAPI using PAR authentication request

2efa516

fixes gravitee-io/issues#5973

tcompiegne closed this as completed in gravitee-io/gravitee-access-management@5ad536d Sep 1, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[fapi] [PAR] PKCE required #5973

[fapi] [PAR] PKCE required #5973

leleueri commented Aug 6, 2021

[fapi] [PAR] PKCE required #5973

[fapi] [PAR] PKCE required #5973

Comments

leleueri commented Aug 6, 2021