Support PKCE Code Verification
bruceharrison1984 opened this issue · comments
Bruce Harrison commented
Currently PKCE isn't implemented, so no code_challenge
nor code_challenge_method
is sent during the initial Authorization handshake.
This breaks any applications that expressly require PKCE in order to authenticate.
Sergio Xalambrí commented
Bruce Harrison commented
Ah, you are correct. I was looking at query params instead of cookies, which obviously won't work for a SSR application. Thanks!