PRISMA-2021-0041 - There is no support for PKCE implementation in the oauthlib client #774

Closed
bobpach opened this issue Aug 27, 2021 · 9 comments · Fixed by #786
@bobpach

bobpach commented Aug 27, 2021

PRISMA-2021-0041 - There is no support for PKCE implementation in the oauthlib client. Client-side PKCE for OAuth2 RFC 7636 is required for applications to have secure communication with the authorization server. OAuth 2.0 public clients utilizing the Authorization Code Grant are susceptible to the authorization code interception attack.

@jjlangen

I also have this issue. It seems there is an (in)active PR on this issue #743

@thedrow
Collaborator

thedrow commented Sep 20, 2021

Feel free to take over. All contributions are welcome 😄

@rigzba21
Contributor

Hi all! I'm running into the same issue with finding PRISMA-2021-0041. I'd love to help out with #743 in any way possible!

@auvipy
Contributor

auvipy commented Oct 26, 2021

You can help to address the review comments.

@rigzba21
Contributor

I will do just that! Thanks for pointing me in the right direction.

@gandhirajan

@auvipy I saw that the PR related to this issue is merged. Could you please provide some info on when the release for this fix is planned?

auvipy added this to the 3.2.0 milestone Dec 24, 2021
@auvipy
Contributor

auvipy commented Dec 24, 2021

We can expect it very soon; we just need a license issue fixed and to update some release notes #766

@gandhirajan

@auvipy Thanks for the instant update.

@auvipy
Contributor

auvipy commented Jan 30, 2022

closing in favor of #786

6 participants