Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support OIDC device code flow without PKCE #410

Closed
m-mohr opened this issue Aug 20, 2021 · 4 comments
Closed

Support OIDC device code flow without PKCE #410

m-mohr opened this issue Aug 20, 2021 · 4 comments
Assignees
@m-mohr
Labels
minor requires a minor-version (x.1.0 for example)
Milestone
1.2.0

Comments

@m-mohr
Copy link
Member

m-mohr commented Aug 20, 2021

There's the possibility to support Device Code without PKCE it seems.

Proposal is to extend the list of allowed grant types:
https://github.com/Open-EO/openeo-api/blob/master/openapi.yaml#L1859-L1868
with
urn:ietf:params:oauth:grant-type:device_code

cc @soxofaan @aljacob
@m-mohr m-mohr added the minor requires a minor-version (x.1.0 for example) label Aug 20, 2021
@m-mohr m-mohr added this to the 1.2.0 milestone Aug 20, 2021
@m-mohr m-mohr self-assigned this Aug 20, 2021
@soxofaan soxofaan mentioned this issue Aug 20, 2021
Closed
@m-mohr
Copy link
Member Author

m-mohr commented Aug 25, 2021

It seems like authorization code flow also works without PKCE and client secret, so should be added, too.

m-mohr added a commit that referenced this issue Aug 25, 2021
@m-mohr
OIDC: Allow auth code flow and device flow (both without PKCE) as gra…
5a6dfd2 
…nts for `default_clients`. #410
@m-mohr m-mohr mentioned this issue Aug 25, 2021
Merged
@soxofaan
Copy link
Member

It seems like authorization code flow also works without PKCE and client secret, so should be added, too.

In what context or with what provider have you observed that?

@m-mohr
Copy link
Member Author

m-mohr commented Aug 25, 2021

@soxofaan None of ours, but @aljacob mentioned it today, and reading the OAuth 2.0 RFC it is indeed standardized without PKCE and PKCE itself is only an extension.

@m-mohr
Copy link
Member Author

m-mohr commented Aug 25, 2021
edited
Loading

Interestingly, it seems like the R client supports authorization_code without PKCE, but with secret:
https://github.com/Open-EO/openeo-r-client/blob/master/R/authentication.R#L99-L101

@m-mohr m-mohr closed this as completed Aug 25, 2021
This was referenced May 3, 2023
Merged
Closed
@zcernigoj zcernigoj mentioned this issue Nov 27, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@m-mohr m-mohr

Labels
minor requires a minor-version (x.1.0 for example)
Projects
None yet
Milestone
1.2.0
Development

No branches or pull requests
2 participants
@soxofaan @m-mohr