core
/
gitea
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
gitea/tests
History
Denys Konovalov 7d855efb1f
Allow for PKCE flow without client secret + add docs (#25033) 
The PKCE flow according to [RFC
7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure
authorization without the requirement to provide a client secret for the
OAuth app.

It is implemented in Gitea since #5378 (v1.8.0), however without being
able to omit client secret.
Since #21316 Gitea supports setting client type at OAuth app
registration.

As public clients are already forced to use PKCE since #21316, in this
PR the client secret check is being skipped if a public client is
detected. As Gitea seems to implement PKCE authorization correctly
according to the spec, this would allow for PKCE flow without providing
a client secret.

Also add some docs for it, please check language as I'm not a native
English speaker.

Closes #17107
Closes #25047
 		2023-06-03 05:59:28 +02:00
..
e2e Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00
fuzz Move fuzz tests into tests/fuzz (#22376) 2023-01-09 15:30:14 +08:00
gitea-lfs-meta Test views of LFS files (#22196) 2022-12-23 07:41:56 +08:00
gitea-repositories-meta Remove git sample files and ignore them (#24271) 2023-04-22 20:29:29 +08:00
integration Allow for PKCE flow without client secret + add docs (#25033) 2023-06-03 05:59:28 +02:00
mssql.ini.tmpl Implement actions artifacts (#22738) 2023-05-19 21:37:57 +08:00
mysql.ini.tmpl Implement actions artifacts (#22738) 2023-05-19 21:37:57 +08:00
mysql8.ini.tmpl Implement actions artifacts (#22738) 2023-05-19 21:37:57 +08:00
pgsql.ini.tmpl Implement actions artifacts (#22738) 2023-05-19 21:37:57 +08:00
sqlite.ini.tmpl Implement actions artifacts (#22738) 2023-05-19 21:37:57 +08:00
test_utils.go Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00