Part 1: Reject public clients that do not support PKCE


Merged pull request

Merged in josephheenan/fapi/require-pkce-for-public-clients (pull request #54)

5f46d33 · Author: · 2018-05-10

Description

Part 1 currently says the authorization server 'shall support [RFC7636] with S256 as the code challenge method if it supports public clients'.

RFC7636 section 4.4.1 says "If the server requires Proof Key for Code Exchange ...".

This does not appear to require that the authorisation server rejects public clients that do not support PKCE. I believe such clients should be rejected, so the 'shall support' is changed to 'shall require'.
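Added example (not part of this pull request or the FAPI text): an authorization-server-side check illustrating the 'shall require' behaviour described above, with the RFC 7636 S256 computation used at the token endpoint. The `Client` type, parameter names and error codes are assumptions for the illustration, modelled on RFC 6749/7636.

```python
"""Authorization-server enforcement of PKCE (S256) for public clients."""
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Optional

# RFC 7636 section 4.1: a code_verifier is 43..128 unreserved characters.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")
# An S256 code_challenge is always 43 base64url characters (32-byte digest, unpadded).
_S256_CHALLENGE_RE = re.compile(r"^[A-Za-z0-9\-_]{43}$")


@dataclass(frozen=True)
class Client:            # assumed client record; 'public' = cannot hold a secret
    client_id: str
    public: bool


def s256_challenge(code_verifier: str) -> str:
    """BASE64URL(SHA256(ASCII(code_verifier))) with padding removed (RFC 7636 4.2)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def validate_authorization_request(client: Client, params: dict) -> Optional[str]:
    """Authorization endpoint: return None if acceptable, else an OAuth error code.

    Public clients MUST present an S256 challenge (the 'shall require' rule).
    Confidential clients are only checked when they send a challenge at all.
    """
    challenge = params.get("code_challenge")
    method = params.get("code_challenge_method")
    if client.public and challenge is None:
        return "invalid_request"          # public client without PKCE: reject
    if challenge is not None:
        # RFC 7636 4.3: a missing method defaults to 'plain', which is also rejected.
        if method != "S256" or not _S256_CHALLENGE_RE.match(challenge):
            return "invalid_request"
    return None


def verify_code_verifier(stored_challenge: str, code_verifier: Optional[str]) -> bool:
    """Token endpoint (RFC 7636 4.6): recompute S256 and compare in constant time."""
    if code_verifier is None or not _VERIFIER_RE.match(code_verifier):
        return False
    return hmac.compare_digest(s256_challenge(code_verifier), stored_challenge)
```

The verifier/challenge pair from RFC 7636 Appendix B can be used to check `s256_challenge` and `verify_code_verifier` end to end.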
