Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add PKCE support with oauthlib 3.2.0 #497

Merged
merged 21 commits into from
Feb 27, 2024
Merged

Add PKCE support with oauthlib 3.2.0 #497

merged 21 commits into from
Feb 27, 2024

Conversation

JonathanHuot
Copy link
Contributor

Since oauthlib 3.2.0 now supports PKCE for Clients (https://github.com/oauthlib/oauthlib/releases/tag/v3.2.0), this PR proposes a first implementation .
Any feedbacks are welcome, I'm not sure it is production ready yet.

Change from:
session = OAuth2Session(client_id)
to
session = OAuth2Session(app.client_id, pkce="S256")

And be sure to reuse the same session for fetch_token, as it will need to remember code_verifier. It is not really practical beyond PoC, so any suggestions are welcome.

@JonathanHuot JonathanHuot changed the title WIP: Add PKCE support with oauthlib 3.2.0 Add PKCE support with oauthlib 3.2.0 Jan 10, 2023
kianmeng and others added 20 commits February 27, 2024 08:33
@kianmeng @JonathanHuot
Fix typos
dd41571
@cclauss @JonathanHuot
README.rst: Update the URL for requests
62b163a 
The old destination is no longer working.
@kianmeng @JonathanHuot
Give description to tox environments
4d645b2
@hugovk @JonathanHuot
Add support for Python 3.11 and 3.12
bd00579
@JonathanHuot
Removed deprecated python versions, following oauthlib downstream com…
a4588f0 
…patibility
@JonathanHuot
Add ruff instead of black
8f69028
@JonathanHuot
Fix tox -e readme build
51b31a1
@JonathanHuot
Updated twine to latest tox
4fd73a6
@JonathanHuot
Updated github actions
bcaae4d
@JonathanHuot
Fix pypy build in github action
5c4b23d
@JonathanHuot
Add pypy cryptography dependencies
03ca72b 
Would be easier to install wheel, so make the GH ubuntu compatible with one of the manylinux provided by cryptography.
@JonathanHuot
Run test for all pypy versions
79382db
@JonathanHuot
Updated to latest oauthlib to use cryptography wheel
f5c30cb
@JonathanHuot
Updated to 1.4.0
68c2841
@dosisod @JonathanHuot
Update Python 2 examples in docs to Python 3
637b2ee
@gabrielsroka @JonathanHuot
Update README.rst
6925d4c
@voiduin @JonathanHuot
Update index.rst
fcba340 
Small fixes:
- Delete not used import url_for
- Add flask app
- Add secret_key for flask session
@JonathanHuot
Add PKCE sample in docs
9e6f581 
Changed default behavior of having client_id i params when secret does not exist
@JonathanHuot
Merge branch 'master' into pkce
9bfe173
@JonathanHuot
Added include_client_id into Auth0 example i/o changing default behavior
596beb5
@coveralls
Copy link

Coverage Status

coverage: 90.406% (-0.2%) from 90.584%
when pulling 596beb5 on pkce
into 424adf0 on master.

@JonathanHuot JonathanHuot merged commit 39fe529 into master Feb 27, 2024
7 checks passed
@JonathanHuot JonathanHuot added this to the 1.4.0 milestone Feb 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@auvipy auvipy auvipy approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
1.4.0
Development

Successfully merging this pull request may close these issues.
9 participants
@JonathanHuot @coveralls @auvipy @kianmeng @cclauss @hugovk @dosisod @gabrielsroka @voiduin