connect2id / OAuth 2.0 SDK with OpenID Connect extensions / issues / #303 - CodeVerifier should be Serializable — Bitbucket

Issue #303 resolved

Emond Papegaaij created an issue 2020-06-27

The CodeVerifier must be stored by a client between the redirect to the authorization endpoint and the call to the token endpoint, upon receipt of the authorization code. This spans at least 2 requests, and it therefore makes sense to store the CodeVerifier in the HTTP session. For this to work, it must be serializable.

‌

Comments (4)

Vladimir Dzhuvinov
Thanks, makes sense. We can do this on the new 8.x.
- 2020-06-27T10:41:22+00:00
Yavor Vasilev
- changed status to open
- 2020-06-27T15:53:37+00:00
Yavor Vasilev
- changed status to resolved
Addressed for CodeVerifier and parent Secret class: a65dd49
- 2020-06-27T16:19:24+00:00
Yavor Vasilev
Out in v8.11
- 2020-06-28T11:54:49+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!