CodeVerifier should be Serializable

Issue #303 resolved
Emond Papegaaij created an issue

The CodeVerifier must be stored by a client between the redirect to the authorization endpoint and the call to the token endpoint, upon receipt of the authorization code. This spans at least 2 requests, and it therefore makes sense to store the CodeVerifier in the HTTP session. For this to work, it must be serializable.

Comments (4)

  1. Log in to comment