0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 15:23:14 -05:00
forgejo/routers
Denys Konovalov 7d855efb1f
Allow for PKCE flow without client secret + add docs (#25033)
The PKCE flow according to [RFC
7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure
authorization without the requirement to provide a client secret for the
OAuth app.

It is implemented in Gitea since #5378 (v1.8.0), however without being
able to omit client secret.
Since #21316 Gitea supports setting client type at OAuth app
registration.

As public clients are already forced to use PKCE since #21316, in this
PR the client secret check is being skipped if a public client is
detected. As Gitea seems to implement PKCE authorization correctly
according to the spec, this would allow for PKCE flow without providing
a client secret.

Also add some docs for it, please check language as I'm not a native
English speaker.

Closes #17107
Closes #25047
2023-06-03 05:59:28 +02:00
..
api Followup to pinned Issues (#24945) 2023-05-30 15:26:51 +00:00
common Fix admin config page error, use tests to cover the admin config and 500 error page (#24965) 2023-05-29 15:00:21 +00:00
install Refactor INI package (first step) (#25024) 2023-06-02 17:27:30 +08:00
private Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634) 2023-05-26 01:04:48 +00:00
utils Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
web Allow for PKCE flow without client secret + add docs (#25033) 2023-06-03 05:59:28 +02:00
init.go Decouple the different contexts from each other (#24786) 2023-05-21 09:50:53 +08:00