Diff

mod_http_oauth2/README.markdown @ 5384:b40f29ec391a

mod_http_oauth2: Allow configuring PKCE challenge methods You'd pretty much only want this to disable the 'plain' method, since it doesn't seem to add that much security?
author Kim Alvefur <zash@zash.se>
date Sat, 29 Apr 2023 13:09:49 +0200
parent 5383:df11a2cbc7b7
child 5408:3989c57cc551
--- a/mod_http_oauth2/README.markdown	Sat Apr 29 13:09:46 2023 +0200
+++ b/mod_http_oauth2/README.markdown	Sat Apr 29 13:09:49 2023 +0200
@@ -129,6 +129,15 @@
 oauth2_require_code_challenge = true
 ```
 
+Further, individual challenge methods can be enabled or disabled:
+
+```lua
+allowed_oauth2_code_challenge_methods = {
+    "plain"; -- the insecure one
+    "S256";
+}
+```
+
 ## Deployment notes
 
 ### Access management
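Review bot: The example in this hunk lists both `"plain"` and `"S256"`, so a reader copying it as-is would keep the method the comment itself flags as insecure, and the text does not say what the default is when `allowed_oauth2_code_challenge_methods` is left unset. Since the commit message says the realistic use of this option is to disable `plain`, the documented example would serve better as the recommended setting, e.g. `allowed_oauth2_code_challenge_methods = { "S256" }`, with a sentence stating the default list and that `S256` is the only method clients should rely on.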