Comments (6)
@andifalk Yes, I mean the authorization code grant. I attempted to create an epic but was unable to post it, so I provided the Feature issue. We can add an authorization code grant epic and reference it here.
I agree the authorization grant also should support PKCE, as an optional value and will update the request. I used the Authorization Code Grant section of RFC 6749 to define the issue, without also referencing the additional RFCs that have been adopted since the publication of RFC 6749.
Perhaps a possible approach is to define an epic for each of the OAuth 2.0 "stand-alone" RFCs and then issues can be tied to them.
from spring-authorization-server.
With the authorization grant, you actually mean the authorization code grant?
If yes, then we also need an epic for authorization code grant first (same as for client credentials). Especially as the authorization code grant is more complex than the client credentials grant type.
And authorization code grant also must support PKCE.
@dfcoffin Can you please provide details on this issue?
@dfcoffin @andifalk Yes, the plan is to group a major feature using epics. I'm actually planning on logging a bunch of issues for the authorization_code grant and grouping it into this epic. However, our goal really is to flush out #19 first and then work on authorization_code. That may change though if we have contributors working on both flows :)
@jgrandja Is the plan to continue tracking this project in the spring-security-oauth Gitter channel or will there be a spring-authorization-server channel established since spring-security-oauth is actively being implemented and will be supported by Pivotal until March 2021, I believe.
Good question. Let me run it by the team and see if it makes sense to set up a new Gitter channel.