1
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-09-01 14:56:30 +00:00
gitea/routers/web/auth
Denys Konovalov 7d855efb1f
Allow for PKCE flow without client secret + add docs ()
The PKCE flow according to [RFC
7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure
authorization without the requirement to provide a client secret for the
OAuth app.

It is implemented in Gitea since  (v1.8.0), however without being
able to omit client secret.
Since  Gitea supports setting client type at OAuth app
registration.

As public clients are already forced to use PKCE since , in this
PR the client secret check is being skipped if a public client is
detected. As Gitea seems to implement PKCE authorization correctly
according to the spec, this would allow for PKCE flow without providing
a client secret.

Also add some docs for it, please check language as I'm not a native
English speaker.

Closes 
Closes 
2023-06-03 05:59:28 +02:00
..
2fa.go refactor some functions to support ctx as first parameter () 2022-12-03 10:48:26 +08:00
auth.go Split "modules/context.go" to separate files () 2023-05-08 17:36:54 +08:00
linkaccount.go Add context cache as a request level cache () 2023-02-15 21:37:34 +08:00
main_test.go Implement FSFE REUSE for golang files () 2022-11-27 18:20:29 +00:00
oauth_test.go Add context cache as a request level cache () 2023-02-15 21:37:34 +08:00
oauth.go Allow for PKCE flow without client secret + add docs () 2023-06-03 05:59:28 +02:00
openid.go Refactor cookie () 2023-04-13 15:45:33 -04:00
password.go Split "modules/context.go" to separate files () 2023-05-08 17:36:54 +08:00
webauthn.go Replace deprecated Webauthn library () 2023-01-11 21:51:00 -05:00