🚀 Feature: PKCE for OAuth2 providers #3143

Open
2 tasks done
tanay1337 opened this issue Apr 24, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

@tanay1337
Contributor

🔖 Feature description

It doesn't seem like the OAuth2 providers use PKCE with the authorization code flow from a cursory view. The PKCE implementation would be helpful to avoid auth code injection attacks.

🎤 Pitch

This should probably be abstracted away in appwrite/src/Appwrite/Auth/OAuth2.php so that contributors building new providers don't have to interact with the PKCE code. Here's an example of PKCE implementation in PHP.

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

@stnguyen90
Contributor

PKCE is used for client side. However, the auth code flow Appwrite does is server side so it shouldn't be a problem.

@stnguyen90 stnguyen90 added enhancement New feature or request and removed feature labels Mar 20, 2024
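
Added example (not part of the issue thread and not Appwrite code): the PKCE S256 mechanics the issue refers to, following RFC 7636, showing how an authorization code is bound to the session that requested it. All function names are hypothetical; the final check uses the test vector from RFC 7636 Appendix B.

```php
<?php
// Added illustration of PKCE (RFC 7636, S256 method); not Appwrite code.
// All function names here are hypothetical.

function base64UrlEncode(string $bytes): string
{
    // base64url without padding, as RFC 7636 requires
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Client side, before redirecting to the provider: a fresh secret per login attempt.
function createCodeVerifier(): string
{
    return base64UrlEncode(random_bytes(32)); // 43 characters, inside the 43..128 range
}

// Sent on the authorization request as code_challenge with code_challenge_method=S256.
function createCodeChallenge(string $verifier): string
{
    return base64UrlEncode(hash('sha256', $verifier, true));
}

// Provider side, at the token endpoint: the code is redeemable only together with
// the verifier that matches the challenge recorded when the code was issued.
function verifyCodeVerifier(string $storedChallenge, string $presentedVerifier): bool
{
    // Reject anything outside the RFC 7636 unreserved character set and length range.
    if (!preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $presentedVerifier)) {
        return false;
    }
    // Constant-time comparison of the recomputed challenge with the stored one.
    return hash_equals($storedChallenge, createCodeChallenge($presentedVerifier));
}

// Constructed walk-through: session A starts a login; session B holds its own verifier.
$verifierA  = createCodeVerifier();
$challengeA = createCodeChallenge($verifierA); // stored by the provider with A's code
$verifierB  = createCodeVerifier();

// A's own verifier against A's challenge, then B's verifier against A's challenge.
var_dump(verifyCodeVerifier($challengeA, $verifierA));
var_dump(verifyCodeVerifier($challengeA, $verifierB));

// Check the challenge derivation against the RFC 7636 Appendix B test vector.
$rfcVerifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$rfcChallenge = 'E9Melhoa2OwvFrEaoTUmUUpkZVBZ4_XvI95gvYKSoxM';
var_dump(hash_equals($rfcChallenge, createCodeChallenge($rfcVerifier)));
```

In a server-side flow the verifier would be kept in the server session that started the login, so a code delivered to a callback in a different session cannot be redeemed.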