- New Feature
- Resolution: Fixed
- Normal
According to https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.1.1 authorization servers MUST support PKCE to prevent authorization code interception attacks.
Since our authorization codes are stored server-side rather than being stateless, this requires a schema change to add two columns to the editor_oauth_token table: code_challenge of type TEXT and code_challenge_method of type oauth_code_challenge_method.
oauth_code_challenge_method is an ENUM with the values ('plain', 'S256').
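The token-endpoint check that these two columns exist to support, as an added Python example that is not the project's own code: StoredAuthorizationCode is a hypothetical stand-in for the PKCE columns of an editor_oauth_token row, the enum values are the two from the ticket, and the test vector is the one from RFC 7636 Appendix B. Rejecting a code_verifier when no challenge was stored is an assumed downgrade-protection policy, not something the ticket specifies.

```python
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Optional

# Allowed values of the oauth_code_challenge_method enum from the ticket.
CODE_CHALLENGE_METHODS = ("plain", "S256")
# RFC 7636 section 4.1: 43..128 unreserved characters.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


@dataclass
class StoredAuthorizationCode:
    """Hypothetical stand-in for one editor_oauth_token row; only the two
    PKCE columns the ticket adds are modelled."""
    code_challenge: Optional[str]
    code_challenge_method: Optional[str]


def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))), no '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_code_verifier(row: StoredAuthorizationCode, code_verifier: Optional[str]) -> bool:
    """Token-endpoint check: does the presented code_verifier match the
    challenge stored when the authorization code was issued?"""
    if row.code_challenge is None:
        # PKCE was not used at authorization time. Assumed policy: a verifier
        # presented now cannot correspond to any stored challenge, so reject it.
        return code_verifier is None
    if code_verifier is None or not _VERIFIER_RE.match(code_verifier):
        return False  # challenge stored but verifier missing or malformed
    if row.code_challenge_method == "S256":
        expected = s256_challenge(code_verifier)
    elif row.code_challenge_method == "plain":
        expected = code_verifier
    else:
        return False  # value outside the enum: fail closed
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(expected.encode("ascii"), row.code_challenge.encode("ascii"))
```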
- is a dependency of: MBS-11058 Tighten security of OAuth service (Closed)