PKCE support #421

Open
wants to merge 8 commits into
base: develop

Commits on Mar 22, 2024

  1. Add new PKCE setting

    Add new setting to enable/disable PKCE feature. A new constant
    OIDC_ENABLE_PKCE is available to force the setting's value.
    petitphp committed Mar 22, 2024
    4fbe3df
  2. Store code verifier when creating a new state

    Update new state creation method to take an additional parameter
    with the PKCE code verifier's value and store it in the state
    value.
    petitphp committed Mar 22, 2024
    31cb707
  3. Add method to generate PKCE code challenge

    The method will try to generate a code verifier (a random ASCII string)
    and a code challenge (SHA256 hash of the verifier) and return an
    array with them and the method used to create the code challenge.
    
    If the code verifier generation fails the method will return false.
    petitphp committed Mar 22, 2024
    022bcce
  4. Add PKCE code challenge to the authentication url

    This is the first step when integrating PKCE into the authentication
    workflow. When building the authentication URL a new code verifier
    and challenge are created, the code verifier is stored in the state
    to be accessible at a later stage and the challenge is added as a
    query param to the URL alongside the method used to generate the
    challenge from the verifier.
    petitphp committed Mar 22, 2024
    b2b9505
  5. Add the verifier to the auth token request

    This is the second step when integrating PKCE into the authentication
    workflow. Add the code verifier to the auth token request's body.
    Code verifier is retrieved from the state object created when building
    the authentication URL.
    petitphp committed Mar 22, 2024
    4c3c42d
  6. 931b960
  7. 550e0aa
  8. c3ea74e
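
The flow that commits 2 to 5 describe, as an added PHP example that is not code from this pull request: it generates the verifier and S256 challenge, keeps the verifier with the state, sends only the challenge in the authentication URL, and returns the verifier in the token request body. The function names, the in-memory `$states` array standing in for the project's state storage, and the `idp.example` / `app.example` URLs are assumptions; under RFC 7636 the S256 challenge is the base64url encoding of the raw SHA-256 digest of the verifier.

```php
<?php
// Added example; all function names, URLs and the client id are hypothetical.
function base64url(string $bytes): string {
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}
function pkce_pair() {
    try {
        // 32 random bytes -> 43 unreserved characters (RFC 7636 allows 43 to 128).
        $verifier = base64url(random_bytes(32));
    } catch (Exception $e) {
        return false; // no CSPRNG: fail rather than fall back to a weak source
    }
    return [
        'code_verifier'         => $verifier,
        // S256 = BASE64URL(SHA256(verifier)), computed over the raw digest.
        'code_challenge'        => base64url(hash('sha256', $verifier, true)),
        'code_challenge_method' => 'S256',
    ];
}
// The verifier stays server-side under the state key; only the challenge is sent.
function authorization_url(string $endpoint, string $client_id, string $redirect_uri, array &$states) {
    if (($pkce = pkce_pair()) === false) return false;
    $state = bin2hex(random_bytes(16));
    $states[$state] = $pkce['code_verifier'];
    return $endpoint . '?' . http_build_query([
        'response_type' => 'code', 'client_id' => $client_id, 'redirect_uri' => $redirect_uri,
        'scope' => 'openid', 'state' => $state,
        'code_challenge' => $pkce['code_challenge'], 'code_challenge_method' => $pkce['code_challenge_method'],
    ]);
}
// On callback: consume the state once and put its verifier in the token request body.
function token_request_body(string $code, string $state, string $redirect_uri, array &$states) {
    if (!isset($states[$state])) return false; // unknown or already-used state
    $verifier = $states[$state];
    unset($states[$state]);
    return ['grant_type' => 'authorization_code', 'code' => $code,
            'redirect_uri' => $redirect_uri, 'code_verifier' => $verifier];
}
// Provider-side check at the token endpoint, compared in constant time.
function provider_accepts(string $challenge, string $verifier): bool {
    return hash_equals($challenge, base64url(hash('sha256', $verifier, true)));
}

// Constructed run: build the URL, then replay its parameters as the callback would.
$states = [];
$url = authorization_url('https://idp.example/authorize', 'demo-client', 'https://app.example/cb', $states);
parse_str(parse_url($url, PHP_URL_QUERY), $q);
$body = token_request_body('constructed-code', $q['state'], 'https://app.example/cb', $states);
var_dump(provider_accepts($q['code_challenge'], $body['code_verifier']));
```

A second call to `token_request_body()` with the same state returns `false`, because the verifier is removed on first use.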