Oauth2 PKCE support #12532
ToxicMushroom started this conversation in Ideas
Is your feature request related to a problem? Please describe
Cross-site request forgery and authorization code injection attacks.
Describe the solution you'd like
Add a toggle to do PKCE on the oauth2 flow in oauth2 settings.
Describe alternatives you've considered
/
Additional context
Will most likely be required in OAuth 2.1
https://www.rfc-editor.org/rfc/rfc7636
https://oauth.net/2/pkce/
https://oauth.net/2.1/
https://kanidm.github.io/kanidm/master/frequently_asked_questions.html#why-is-disabling-pkce-considered-insecure