mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-05 03:54:35 +01:00
7d855efb1f
The PKCE flow according to [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure authorization without the requirement to provide a client secret for the OAuth app. It is implemented in Gitea since #5378 (v1.8.0), however without being able to omit client secret. Since #21316 Gitea supports setting client type at OAuth app registration. As public clients are already forced to use PKCE since #21316, in this PR the client secret check is being skipped if a public client is detected. As Gitea seems to implement PKCE authorization correctly according to the spec, this would allow for PKCE flow without providing a client secret. Also add some docs for it, please check language as I'm not a native English speaker. Closes #17107 Closes #25047 |
||
|---|---|---|
| .. | ||
| administration | ||
| contributing | ||
| development | ||
| help | ||
| installation | ||
| usage | ||
| actions.en-us.md | ||
| administration.en-us.md | ||
| administration.fr-fr.md | ||
| administration.zh-cn.md | ||
| administration.zh-tw.md | ||
| contributing.en-us.md | ||
| contributing.fr-fr.md | ||
| contributing.zh-tw.md | ||
| development.en-us.md | ||
| development.zh-cn.md | ||
| development.zh-tw.md | ||
| help.en-us.md | ||
| help.fr-fr.md | ||
| help.zh-cn.md | ||
| help.zh-tw.md | ||
| installation.en-us.md | ||
| installation.fr-fr.md | ||
| installation.zh-cn.md | ||
| installation.zh-tw.md | ||
| packages.en-us.md | ||
| search.de-de.md | ||
| search.en-us.md | ||
| search.fr-fr.md | ||
| search.nl-nl.md | ||
| search.pt-br.md | ||
| search.zh-cn.md | ||
| search.zh-tw.md | ||
| usage.en-us.md | ||
| usage.zh-cn.md | ||
| usage.zh-tw.md | ||