fix(auth): add state parameters and PKCE support
Only the OAuth2 auth strategy was using the state parameter, which should be used as described in the RFC. The other auth strategies such as GitHub, GitLab or Google were lacking the state parameter. This change adds the required state parameter as well as enabling PKCE support on providers where it's possible. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson
@@ -16,6 +16,7 @@
|
||||
- Force kill the server after a timeout when waiting for the realtime server to close connections on shutdown
|
||||
- Secure iframes with `credentialless` and `sandbox` attributes
|
||||
- Fix regexes for `[time=...]`, `[name=...]` and `[color=...]` shortcodes in lists
|
||||
- Use `state` parameter for OAuth2 flows and PKCE where applicable
|
||||
|
||||
## <i class="fa fa-tag"></i> 1.10.3 <i class="fa fa-calendar-o"></i> 2025-04-09
|
||||
|
||||
|
||||
Reference in New Issue
Block a user