oauth2: Adds support for PKCE (IETF RFC7636)
This patch adds support for PKCE (RFC 7636), which is especially useful for
public clients such as native mobile apps.

Spec: https://tools.ietf.org/html/rfc7636

Closes #744
arekkas committed Feb 7, 2018
1 parent d49eabe commit c2de5a4
Showing 4 changed files with 159 additions and 31 deletions.
172 changes: 148 additions & 24 deletions Gopkg.lock


2 changes: 1 addition & 1 deletion Gopkg.toml
@@ -75,7 +75,7 @@

[[constraint]]
name = "github.com/ory/fosite"
version = "0.16.1"
version = "0.16.3"

[[constraint]]
name = "github.com/ory/graceful"
1 change: 1 addition & 0 deletions README.md
@@ -90,6 +90,7 @@ ORY Hydra implements Open Standards set by the IETF:
* [OAuth 2.0 Dynamic Client Registration Protocol](https://tools.ietf.org/html/rfc7591)
* [OAuth 2.0 Dynamic Client Registration Management Protocol](https://tools.ietf.org/html/rfc7592)
* [OAuth 2.0 for Native Apps](https://tools.ietf.org/html/draft-ietf-oauth-native-apps-10)
* [Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)

and the OpenID Foundation:

15 changes: 9 additions & 6 deletions cmd/server/handler_oauth2_factory.go
@@ -70,12 +70,14 @@ func newOAuth2Provider(c *config.Config) (fosite.OAuth2Provider, string) {
}

fc := &compose.Config{
AccessTokenLifespan: c.GetAccessTokenLifespan(),
AuthorizeCodeLifespan: c.GetAuthCodeLifespan(),
IDTokenLifespan: c.GetIDTokenLifespan(),
HashCost: c.BCryptWorkFactor,
ScopeStrategy: c.GetScopeStrategy(),
SendDebugMessagesToClients: c.SendOAuth2DebugMessagesToClients,
AccessTokenLifespan: c.GetAccessTokenLifespan(),
AuthorizeCodeLifespan: c.GetAuthCodeLifespan(),
IDTokenLifespan: c.GetIDTokenLifespan(),
HashCost: c.BCryptWorkFactor,
ScopeStrategy: c.GetScopeStrategy(),
SendDebugMessagesToClients: c.SendOAuth2DebugMessagesToClients,
EnforcePKCE: false,
EnablePKCEPlainChallengeMethod: false,
}

return compose.Compose(
@@ -90,6 +92,7 @@ func newOAuth2Provider(c *config.Config) (fosite.OAuth2Provider, string) {
compose.OAuth2AuthorizeImplicitFactory,
compose.OAuth2ClientCredentialsGrantFactory,
compose.OAuth2RefreshTokenGrantFactory,
compose.OAuth2PKCEFactory,
compose.OpenIDConnectExplicitFactory,
compose.OpenIDConnectHybridFactory,
compose.OpenIDConnectImplicitFactory,
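Review bot: `EnforcePKCE: false` and `EnablePKCEPlainChallengeMethod: false` are the only two fields of the `compose.Config` literal that are hard-coded rather than read from `c` like `AccessTokenLifespan`, `HashCost` and the others, so PKCE is merely accepted and an operator cannot require it for the public/native-app clients the commit is written for without a code change. If the intent is to ship it opt-in first, that decision deserves a comment on those two lines, e.g. `// PKCE is honoured when a client sends a code_challenge but never required; enforcement should become a config.Config option. "plain" stays disabled so only S256 is accepted, per RFC 7636's recommendation.` Wiring `EnforcePKCE` to configuration would need a new boolean on `config.Config`, which is not part of this diff, so I would not guess at its name here. Keeping the plain challenge method off is the right default and worth preserving. The enclosing function `newOAuth2Provider` starts before the first hunk and its `compose.Compose(...)` call continues past the second, so the remaining factory list and the returned values are not visible here.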
