0.0.2 (29/5/2020)¶ ↑
Features¶ ↑
-
Implementation of PKCE by OAuth Public Clients (tools.ietf.org/html/rfc7636);
-
Implementation of grants using “access_type” and “approval_prompt” (similar to what Google OAuth 2.0 API does);
Improvements¶ ↑
-
Store token/refresh token hashes in the database, instead of the “plain” tokens;
-
Client secret hashed by default, and provided by the application owner;
Fix¶ ↑
-
usage of client secret for authorizing the generation of tokens, as the spec mandates (and refraining from them when doing PKCE).