Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
spring-security/oauth2
History
Stephen Doxsee 7739a0e91a Add PKCE OAuth2 client support 
- Support has been added for "RFC7636: Proof Key for Code Exchange by OAuth Public Clients" (PKCE, pronounced "pixy") to mitigate against attacks targeting the interception of the authorization code
 - PkceParameterNames was added for the 3 additional parameters used by PKCE (i.e. code_verifier, code_challenge, and code_challenge_method)
 - Default code_verifier length has been set to 128 characters--the maximum allowed by RFC7636
 - ClientAuthenticationMethod.NONE was added to allow clients to request tokens without providing a client secret

Fixes gh-6446
 		2019-02-28 11:38:48 -05:00
..
oauth2-client Add PKCE OAuth2 client support 2019-02-28 11:38:48 -05:00
oauth2-core Add PKCE OAuth2 client support 2019-02-28 11:38:48 -05:00
oauth2-jose Update JwtTimestampValidator.java 2019-01-14 10:33:38 -07:00
oauth2-resource-server Reactive Opaque Token Support 2019-02-15 15:59:25 -06:00