Support RFC7636 PKCE in the OAuth 2.0 flow. (#14750)
PKCE can protect against certain attacks and is enabled by default. Support can be controlled manually by setting the pkce_method of each oidc_providers entry to 'auto' (default), 'always', or 'never'. This is required by Twitter OAuth 2.0 support.
Changed files:
- changelog.d/14750.feature: 1 addition, 0 deletions
- docs/usage/configuration/config_documentation.md: 6 additions, 1 deletion
- synapse/config/oidc.py: 6 additions, 0 deletions
- synapse/handlers/oidc.py: 47 additions, 7 deletions
- synapse/util/macaroons.py: 7 additions, 0 deletions
- tests/handlers/test_oidc.py: 144 additions, 8 deletions
- tests/util/test_macaroons.py: 1 addition, 0 deletions