
Add support for authorization code grant with PKCE for distributed apps #4

Open
ls-youssef-jlidat wants to merge 1 commit into main from support-acg-with-pkce-v2

@ls-youssef-jlidat
Collaborator

Summary

  • Synced fork with upstream bshaffer/oauth2-server-php main branch
  • Includes upstream PHP 8.4 compatibility fix (1c715c2 - add explicit null to nullable types)
  • Re-applies custom PKCE for distributed apps commit (de7e02d) on top of the updated base

Context

Move handlers for code challenge from OIDC Authorization Controller to the base authorization controller, so that non-OIDC flows can leverage it as well

Add mechanism to enforce PKCE code challenges for public clients

Add mechanism to configure supported code challenge methods

Change code_verifier comparison to use hash_equals() to avoid timing attacks

Added tests for all PKCE code challenge flows
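
The checks this description lists (PKCE required for public clients, a configurable set of challenge methods, and a `hash_equals()` comparison of the verifier), sketched as an added example that is not code from this pull request or from oauth2-server-php. The function names, parameters and the `PKCE_SYNTAX` constant are hypothetical; the character set, length limits, `plain` default and `invalid_request` error follow RFC 7636.

```php
<?php
// Added example: all function, constant and parameter names are hypothetical.
const PKCE_SYNTAX = '/^[A-Za-z0-9._~-]{43,128}$/'; // RFC 7636 sections 4.1 and 4.2
function base64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Authorization request: returns null if acceptable, else an OAuth error code.
function checkChallenge(bool $publicClient, ?string $challenge, ?string $method,
                        array $supportedMethods, bool $enforceForPublic): ?string
{
    if ($challenge === null) {
        return ($publicClient && $enforceForPublic) ? 'invalid_request' : null;
    }
    $method = $method ?? 'plain'; // RFC 7636 default when the parameter is omitted
    if (!in_array($method, $supportedMethods, true)
        || preg_match(PKCE_SYNTAX, $challenge) !== 1) {
        return 'invalid_request';
    }
    return null;
}

// Token request: recompute the challenge from the verifier and compare.
function verifyCodeVerifier(string $verifier, string $storedChallenge, string $storedMethod): bool
{
    if (preg_match(PKCE_SYNTAX, $verifier) !== 1) {
        return false;
    }
    if ($storedMethod === 'S256') {
        $computed = base64url(hash('sha256', $verifier, true));
    } elseif ($storedMethod === 'plain') {
        $computed = $verifier;
    } else {
        return false; // unknown stored method: fail closed
    }
    // hash_equals() takes the known value first and compares in constant time
    return hash_equals($storedChallenge, $computed);
}

// Constructed client-side values for the demonstration.
$verifier  = base64url(random_bytes(32));                 // 43 characters
$challenge = base64url(hash('sha256', $verifier, true));
$supported = ['S256'];                                    // 'plain' deliberately not offered
var_dump(checkChallenge(true, null, null, $supported, true));       // public client, no challenge
var_dump(checkChallenge(true, $challenge, null, $supported, true)); // method omitted, so 'plain'
var_dump(checkChallenge(true, $challenge, 'S256', $supported, true));
var_dump(verifyCodeVerifier($verifier, $challenge, 'S256'));
var_dump(verifyCodeVerifier(base64url(random_bytes(32)), $challenge, 'S256')); // wrong verifier
```

With only `S256` configured, a request that omits `code_challenge_method` is rejected, because the omitted parameter falls back to `plain`.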