0_0_2.md

0.0.2 (29/5/2020)¶ ↑

Features¶ ↑

• Implementation of PKCE by OAuth Public Clients (tools.ietf.org/html/rfc7636);

• Implementation of grants using “access_type” and “approval_prompt” (similar to what Google OAuth 2.0 API does);

Improvements¶ ↑

• Store token/refresh token hashes in the database, instead of the “plain” tokens;

• Client secret hashed by default, and provided by the application owner;

Fix¶ ↑

• usage of client secret for authorizing the generation of tokens, as the spec mandates (and refraining from them when doing PKCE).