-
New Feature
-
Resolution: Fixed
-
Normal
-
None
-
None
According to https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.1.1 authorization servers MUST support PKCE to prevent authorization code interception attacks.
Since our authorization codes are not stateless, this requires a schema change to add two columns to the editor_oauth_token table: code_challenge of type TEXT and code_challenge_method of type oauth_code_challenge_method.
oauth_code_challenge_method is an ENUM of ('plain', 'S256').
.
- is a dependency of
-
MBS-11058 Tighten security of OAuth service
-
- Closed
-
- is related to
-
-
- Closed
-
Support PKCE (Proof Key for Code Exchange) by OAuth clients
-
-
Resolution: Fixed
-
Normal
-
None
-
None
According to https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.1.1 authorization servers MUST support PKCE to prevent authorization code interception attacks.
Since our authorization codes are not stateless, this requires a schema change to add two columns to the editor_oauth_token table: code_challenge of type TEXT and code_challenge_method of type oauth_code_challenge_method.
oauth_code_challenge_method is an ENUM of ('plain', 'S256').
.
- is a dependency of
-
-
- Closed
-
- is related to
-
-
- Closed
-
-
Michael Wiencek
-
- Votes:
-
0 Vote for this issue
- Watchers:
-
1 Start watching this issue
- Created:
- Updated:
- Resolved:
| Version | Package |
|---|---|
| 2020-09-21 | |
| Schema change, 2021 Q2 |