jojo/routers/web/auth
Gusted 388436d500 fix: verify code challenge of S256
We do not know for sure, but it is quite likely someone assumed implicit
fallthrough. This meant that if someone used S256 for PKCE, it simply
did not verify the code challenge and always accepted it.

PKCE only started working recently as it was broken for a long time
already, forgejo/forgejo!8678
2026-03-06 11:20:40 -07:00
| File | Last commit | Date |
| --- | --- | --- |
| 2fa.go | fix: do 2FA on OpenID connect | 2025-08-30 09:41:20 +02:00 |
| auth.go | fix: do casefolding in OAuth2 account autolinking (#10072) | 2025-11-16 16:39:06 +01:00 |
| auth_test.go | chore: branding import path (#7337) | 2025-03-27 19:40:14 +00:00 |
| linkaccount.go | chore: add email blocklist unit test | 2025-08-30 09:45:19 +02:00 |
| main_test.go | chore: branding import path (#7337) | 2025-03-27 19:40:14 +00:00 |
| oauth.go | fix: verify code challenge of S256 | 2026-03-06 11:20:40 -07:00 |
| oauth_test.go | fix: remove trailing slash from the issuer in oauth claims (#8028) | 2025-06-10 20:46:17 +02:00 |
| openid.go | chore: unify the usage of CryptoRandomString (#10110) | 2025-11-15 13:24:53 +01:00 |
| password.go | fix: allow unactivated users to send recovery mails (#9504) | 2025-10-03 07:16:24 +02:00 |
| webauthn.go | fix: do 2FA on OpenID connect | 2025-08-30 09:41:20 +02:00 |