You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It doesn't seem like the OAuth2 providers use PKCE with the authorization code flow from a cursory view. The PKCE implementation would be helpful to avoid auth code injection attacks.
馃帳 Pitch
This should probably be abstracted away in appwrite/src/Appwrite/Auth/OAuth2.php so that contributors building new providers don't have to interact with the PKCE code. Here's an example of PKCE implementation in PHP.
馃憖 Have you spent some time to check if this issue has been raised before?
馃敄 Feature description
It doesn't seem like the OAuth2 providers use PKCE with the authorization code flow from a cursory view. The PKCE implementation would be helpful to avoid auth code injection attacks.
馃帳 Pitch
This should probably be abstracted away in
appwrite/src/Appwrite/Auth/OAuth2.php
so that contributors building new providers don't have to interact with the PKCE code. Here's an example of PKCE implementation in PHP.馃憖 Have you spent some time to check if this issue has been raised before?
馃彚 Have you read the Code of Conduct?
The text was updated successfully, but these errors were encountered: