CodeVerifier should be Serializable
Issue #303
resolved
The CodeVerifier
must be stored by a client between the redirect to the authorization endpoint and the call to the token endpoint, upon receipt of the authorization code. This spans at least 2 requests, and it therefore makes sense to store the CodeVerifier
in the HTTP session. For this to work, it must be serializable.
Comments (4)
-
-
- changed status to open
-
- changed status to resolved
Addressed for CodeVerifier and parent Secret class: a65dd49
-
Out in v8.11
- Log in to comment
Thanks, makes sense. We can do this on the new 8.x.