gitea

mirror of https://github.com/go-gitea/gitea synced 2024-06-29 14:45:47 +00:00

History

Denys Konovalov 7d855efb1f Allow for PKCE flow without client secret + add docs (#25033 ) The PKCE flow according to [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure authorization without the requirement to provide a client secret for the OAuth app. It is implemented in Gitea since #5378 (v1.8.0), however without being able to omit client secret. Since #21316 Gitea supports setting client type at OAuth app registration. As public clients are already forced to use PKCE since #21316, in this PR the client secret check is being skipped if a public client is detected. As Gitea seems to implement PKCE authorization correctly according to the spec, this would allow for PKCE flow without providing a client secret. Also add some docs for it, please check language as I'm not a native English speaker. Closes #17107 Closes #25047		2023-06-03 05:59:28 +02:00
..
2fa.go	refactor some functions to support ctx as first parameter (#21878 )	2022-12-03 10:48:26 +08:00
auth.go	Split "modules/context.go" to separate files (#24569 )	2023-05-08 17:36:54 +08:00
linkaccount.go	Add context cache as a request level cache (#22294 )	2023-02-15 21:37:34 +08:00
main_test.go	Implement FSFE REUSE for golang files (#21840 )	2022-11-27 18:20:29 +00:00
oauth_test.go	Add context cache as a request level cache (#22294 )	2023-02-15 21:37:34 +08:00
oauth.go	Allow for PKCE flow without client secret + add docs (#25033 )	2023-06-03 05:59:28 +02:00
openid.go	Refactor cookie (#24107 )	2023-04-13 15:45:33 -04:00
password.go	Split "modules/context.go" to separate files (#24569 )	2023-05-08 17:36:54 +08:00
webauthn.go	Replace deprecated Webauthn library (#22400 )	2023-01-11 21:51:00 -05:00