Details
Type: New Feature
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2020-09-21
Component/s: Schema Change
Labels: None
Description
According to https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.1.1, authorization servers MUST support PKCE (RFC 7636) to prevent authorization code interception attacks.
Since our authorization codes are stored server-side rather than being self-contained, supporting PKCE requires a schema change: two columns are added to the editor_oauth_token table, code_challenge of type TEXT and code_challenge_method of type oauth_code_challenge_method.
oauth_code_challenge_method is an ENUM of ('plain', 'S256'), the two code_challenge_method values defined by RFC 7636.
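As an added illustration of how the two new columns are used at the authorization and token endpoints (example code written for this page, not code from the ticket or from MusicBrainz Server), the Python sketch below stores a code_challenge and code_challenge_method alongside an authorization code and checks the code_verifier on redemption per RFC 7636 section 4.6. The table is a hypothetical, simplified stand-in for editor_oauth_token carrying only the columns this example needs; since SQLite has no ENUM type, the oauth_code_challenge_method enum is emulated with a CHECK constraint. The single-use deletion of the code and the rejection of a verifier sent for a code issued without a challenge are this example's own policy choices, not something the ticket specifies.

```python
import base64
import hashlib
import hmac
import re
import secrets
import sqlite3
from typing import Optional

# Hypothetical stand-in for editor_oauth_token (assumption: only the columns
# needed here). oauth_code_challenge_method ('plain', 'S256') becomes a CHECK.
SCHEMA = """
CREATE TABLE editor_oauth_token (
    authorization_code    TEXT PRIMARY KEY,
    code_challenge        TEXT,
    code_challenge_method TEXT CHECK (code_challenge_method IN ('plain', 'S256')),
    CHECK ((code_challenge IS NULL) = (code_challenge_method IS NULL))
);
"""

# RFC 7636 section 4.1: a code_verifier is 43..128 unreserved characters.
VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")
# An S256 challenge is an unpadded base64url SHA-256 digest: exactly 43 chars.
S256_CHALLENGE_RE = re.compile(r"^[A-Za-z0-9\-_]{43}$")


def b64url_nopad(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def generate_code_verifier() -> str:
    """Client side: 32 random bytes give a 43-character verifier."""
    return b64url_nopad(secrets.token_bytes(32))


def code_challenge_from_verifier(verifier: str, method: str) -> str:
    """Derive the challenge for a verifier; 'S256' is BASE64URL(SHA256(ASCII(verifier)))."""
    if not VERIFIER_RE.match(verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    if method == "S256":
        return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError("unsupported code_challenge_method")


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def store_authorization_code(conn: sqlite3.Connection, code: str,
                             code_challenge: Optional[str] = None,
                             code_challenge_method: Optional[str] = None) -> None:
    """Authorization endpoint: persist the challenge with the code it binds to.

    A challenge sent without a method defaults to 'plain' (RFC 7636 section 4.3).
    """
    method = None
    if code_challenge is not None:
        method = code_challenge_method or "plain"
        if method not in ("plain", "S256"):
            raise ValueError("unsupported code_challenge_method")
        if method == "S256" and not S256_CHALLENGE_RE.match(code_challenge):
            raise ValueError("malformed S256 code_challenge")
        if method == "plain" and not VERIFIER_RE.match(code_challenge):
            raise ValueError("malformed plain code_challenge")
    conn.execute(
        "INSERT INTO editor_oauth_token (authorization_code, code_challenge, "
        "code_challenge_method) VALUES (?, ?, ?)",
        (code, code_challenge, method),
    )
    conn.commit()


def redeem_authorization_code(conn: sqlite3.Connection, code: str,
                              code_verifier: Optional[str]) -> bool:
    """Token endpoint: consume the code once and verify the PKCE binding."""
    row = conn.execute(
        "SELECT code_challenge, code_challenge_method FROM editor_oauth_token "
        "WHERE authorization_code = ?", (code,)).fetchone()
    if row is None:
        return False
    # Single use: the code is consumed even when PKCE fails, so a wrong
    # verifier cannot be retried against the same intercepted code.
    conn.execute("DELETE FROM editor_oauth_token WHERE authorization_code = ?", (code,))
    conn.commit()
    stored_challenge, method = row
    if stored_challenge is None:
        # Issued without PKCE; a verifier sent anyway is a mismatch, not a pass.
        return code_verifier is None
    if code_verifier is None or not VERIFIER_RE.match(code_verifier):
        return False
    expected = code_challenge_from_verifier(code_verifier, method)
    # Constant-time comparison so timing cannot leak the stored challenge.
    return hmac.compare_digest(expected.encode("ascii"), stored_challenge.encode("ascii"))
```

The S256 path can be checked against the worked example in RFC 7636 Appendix B: the verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk` must produce the challenge `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`. Note that the `plain` method offers no protection against an attacker who can observe the authorization request, so a server that supports it should still prefer `S256` when a client offers it.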
Issue Links
is a dependency of: MBS-11058 Tighten security of OAuth service (Closed)