oauth_pkce.rdoc

doc/oauth_pkce.rdoc
Last Update: 2024-11-29 16:14:00 +0000

Documentation for OAuth PKCE feature

The oauth_pkce feature implements the OAuth 2.0 Proof Key for Code Exchange authorization code grant extension.

tools.ietf.org/html/rfc7636

This feature depends on the oauth_authorization_code_grant feature.

Auth Value Methods

oauth_require_pkce

Enforces usage of PKCE, true by default.

oauth_pkce_challenge_method

challenge method used in PKCE flow, S256 by default.

oauth_grants_code_challenge_column

the db column where the oauth grant PKCE code challenge is stored, :code_challenge by default.

oauth_grants_code_challenge_method_column

the db column where the oauth grant PKCE code challenge method is stored, :code_challenge_method by default.

oauth_code_challenge_required_error_code

oauth error code for when PKCE code challenge is required, "invalid_request" by default.

oauth_code_challenge_required_message

error description for the “code challenge required” OAuth error code, "code challenge required" by default.

oauth_unsupported_transform_algorithm_error_code

oauth error code for when the PKCE transform algorithm is unsupported, "invalid_request" by default.

oauth_unsupported_transform_algorithm_message

error description for the PKCE “unsupported transform algorithm” OAuth error code, "transform algorithm not supported" by default.