Note that PKCE is not supported #24965

Merged
merged 3 commits into from
Apr 25, 2023

Conversation

hickford
Contributor

@hickford hickford commented Apr 10, 2023

Most other OAuth servers support PKCE, so it's worthwhile to note this limitation of GitHub at https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps

Also because of security implementations https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.7.1

Clients MUST ensure that the AS supports PKCE before using PKCE for CSRF protection. If an authorization server does not support PKCE, state or nonce MUST be used for CSRF protection.

Check off the following:

  • I have reviewed my changes in staging (look for the "Automatically generated comment" and click the links in the "Preview" column to view your latest changes).
  • For content changes, I have completed the self-review checklist.
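
An added example, not part of the pull request or of GitHub's documentation: how a client can apply the quoted rule when the authorization server lacks PKCE, by binding a one-time `state` value to the user's session and checking it on the callback. The function names, the `session` dict (standing in for a server-side session store), the client ID and the redirect URI are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# GitHub's OAuth authorization endpoint.
AUTHORIZE_URL = "https://github.com/login/oauth/authorize"


def begin_authorization(session: dict, client_id: str, redirect_uri: str) -> str:
    """Mint a fresh state, bind it to this user's session, and return the
    URL the browser should be redirected to."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session["oauth_state"] = state
    query = urlencode(
        {"client_id": client_id, "redirect_uri": redirect_uri, "state": state}
    )
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if the callback's state matches
    the value stored for this session; otherwise reject the request."""
    params = parse_qs(urlparse(callback_url).query)
    # pop() makes the state single-use, so a replayed callback fails.
    expected = session.pop("oauth_state", None)
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(
        expected.encode(), received.encode()
    ):
        raise PermissionError("state mismatch: discard the authorization code")
    codes = params.get("code")
    if not codes:
        raise ValueError("callback carried no authorization code")
    return codes[0]
```

The code is exchanged for a token only after `handle_callback` returns; a callback that arrives with no pending state in the session is rejected the same way as one with a wrong state.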

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Apr 10, 2023
@github-actions
Contributor

github-actions bot commented Apr 10, 2023

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.


Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

| Source | Preview | Production | What Changed |
| --- | --- | --- | --- |
| apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps.md | fpt, ghec, ghes@ 3.8 3.7 3.6 3.5 3.4, ghae | fpt, ghec, ghes@ 3.8 3.7 3.6 3.5 3.4, ghae | |

fpt: Free, Pro, Team
ghec: GitHub Enterprise Cloud
ghes: GitHub Enterprise Server
ghae: GitHub AE

@steveward steveward added content This issue or pull request belongs to the Docs Content team developers Content related to developers needs SME This proposal needs review from a subject matter expert and removed triage Do not begin working on this issue until triaged by the team labels Apr 12, 2023
@github-actions
Contributor

Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert 👀

@steveward steveward added the waiting for review Issue/PR is waiting for a writer's review label Apr 12, 2023
@steveward
Member

Thanks for the PR @hickford. This was brought up in #22270, and we're still waiting for a technical review there. I'll get this triaged for review as well.

@skedwards88
Contributor

@github/ecosystem-apps-reviewers Can you review this PR from a technical perspective?

@Cruzillian

This comment was marked as spam.

@nikymorg
Contributor

Tagging in @hpsin to review for @github/ecosystem-apps-reviewers. 🙇

@hickford hickford requested a review from hpsin April 22, 2023 05:54
@cmwilson21 cmwilson21 added SME reviewed An SME has reviewed this issue/PR and removed needs SME This proposal needs review from a subject matter expert labels Apr 24, 2023
Member

@hpsin hpsin left a comment

Thanks for including this @hickford ! Looking forward to replacing it with details of how to use these once we are able to add it.

@hickford
Contributor Author

@hpsin thanks. Please could you also review related PR #24964 ?

Contributor

@skedwards88 skedwards88 left a comment

Thanks for this addition @hickford and thanks for the review @hpsin ! We'll get this merged down.

@skedwards88 skedwards88 added this pull request to the merge queue Apr 24, 2023
@skedwards88 skedwards88 added the ready to merge This pull request is ready to merge label Apr 24, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Apr 24, 2023
@cmwilson21 cmwilson21 enabled auto-merge April 25, 2023 14:54
@cmwilson21 cmwilson21 added this pull request to the merge queue Apr 25, 2023
Merged via the queue into github:main with commit ef7d775 Apr 25, 2023
@github-actions
Contributor

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

@hickford hickford deleted the patch-6 branch September 3, 2024 16:07
Jon858545 pushed a commit to Jon858545/docs that referenced this pull request Sep 29, 2024
Co-authored-by: Courtney Wilson <77312589+cmwilson21@users.noreply.github.com>
Labels
content This issue or pull request belongs to the Docs Content team developers Content related to developers ready to merge This pull request is ready to merge SME reviewed An SME has reviewed this issue/PR waiting for review Issue/PR is waiting for a writer's review
7 participants