Implements PKCE (Proof Key for Code Exchange)

[babariviere]

RFC 7636 (https://tools.ietf.org/html/rfc7636)

[ericchiang]

Thanks! This is interesting. I'll need some time to review the RFC to review this PR.

[stpabhi]

@babariviere Any plans on updating other storage options? I created a fork to implement k8s storage and others (wip) here stpabhi@6c184bb

[babariviere]

@stpabhi I plan to implement Redis storage, I may do it this week

[stpabhi]

I meant etcd and k8s storage options for pkce. I don’t see the code for them in this PR.

[babariviere]

Oh sorry, I have misunderstood. I will do it today

[babariviere]

@stpabhi it's done if you want to use it

[stpabhi]

@babariviere thanks, we have already forked dex and implemented pkce internally. I’m interested in getting it done upstream rather than branching out.

[stpabhi]

I have few suggestions on the PR.

• Add code challenge methods to discovery
• Add check for unsupported code challenge methods here
• Add tests and update conformance test.

[babariviere]

I will add test later

[srenatus]

Thanks a lot, this is a nice contribution.

The comments inline aside, can we add a test or two? ;)

Update: I've seen this to late

I will add test later

[Teeed]

Adding link to issue here: #1114 (I have just implemented PKCE by my own because of issue #1114 had no PR assigned).

[mackenzie-orange]

What's the status of this PR? Looks like the downstream branch got deleted :/.

[babariviere]

Yes, sorry. I have to close the source as they were some code written for my company.
I will recreate it if necessary.

[Teeed]

It is sad that this was not merged year (!) ago. As I can see code is still available in this PR. I have mine implementation of PKCE laying around if necessary (if this PR could not be merged for some reason).