Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oauth: feat: add support of PKCE #9287

Merged
merged 1 commit into from
Dec 27, 2023
Merged

oauth: feat: add support of PKCE #9287

merged 1 commit into from
Dec 27, 2023

Conversation

EdouardVanbelle
Copy link
Contributor

Hello please find the PKCE implementation (RFC 7636)

  • by default it is enabled, if server do not implement it, PKCE extra parameters will be ignored (as requested by RFC)
  • I did not implemented plain as requested as we can directly support S256 hash method
  • I used a hash array to prepare future hahses (even if RFC specifies only S256 right now)

This covers this request: #8757

alecpl
alecpl requested changes Dec 26, 2023
View reviewed changes
config/defaults.inc.php Outdated Show resolved Hide resolved
program/include/rcmail_oauth.php Outdated Show resolved Hide resolved
program/include/rcmail_oauth.php
];
}

$this->log_debug("requesting authorization code via a redirect to %s with scope='%s' and pkce method=%s",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm just thinking maybe logging the full url instead would be better.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did it to avoid leak of sensitive data like the nonce in other pull request

This was referenced Dec 27, 2023
Merged
Merged
Merged
Merged
Merged
Merged
@Neustradamus
Copy link

@EdouardVanbelle: Nice, good job!

Linked to:

@Neustradamus Neustradamus mentioned this pull request Dec 27, 2023
Merged
alecpl
alecpl requested changes Dec 27, 2023
View reviewed changes
program/include/rcmail_oauth.php Outdated Show resolved Hide resolved
program/include/rcmail_oauth.php Outdated Show resolved Hide resolved
program/include/rcmail_oauth.php Outdated Show resolved Hide resolved
program/include/rcmail_oauth.php Outdated Show resolved Hide resolved
@EdouardVanbelle
oauth: feat: add support of PKCE
100f1b7 
Signed-off-by: Edouard Vanbelle <[email protected]>
@alecpl alecpl merged commit 9c769c2 into roundcube:master Dec 27, 2023
15 checks passed
@alecpl alecpl added this to the 1.7-beta milestone Dec 27, 2023
@EdouardVanbelle
Copy link
Contributor Author

Thank you !

@EdouardVanbelle EdouardVanbelle deleted the feat/oauth-pkce branch December 29, 2023 20:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alecpl alecpl Awaiting requested review from alecpl

Assignees
No one assigned
Labels
C: OAuth enhancement
Projects
None yet
Milestone
1.7-beta
Development

Successfully merging this pull request may close these issues.
3 participants
@EdouardVanbelle @Neustradamus @alecpl