
Add support for Public Clients and add PKCE

Álvaro López García requested to merge github/fork/bbc/master into master

Created by: dannymeloy

Addition of Proof Key for Exchange (PKCE) support for public clients.

These changes allow for the omission of the --os-client-secret parameter for public clients that do not have a full set of client credentials. This allows for the common use case of people accessing OpenStack from command-line clients that act as "public clients", which should not have client secrets as per the OAuth spec.

PKCE is thus added to counter auth code hijacking and replay attacks as recommended in the OAuth Best Practice Guide.
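The mechanism the description relies on, as an added illustration that is not part of this merge request or of the project's code: the client keeps a random code_verifier private, sends only its S256 code_challenge with the authorization request, and the authorization server refuses to redeem the code unless the matching verifier is presented. The `code_store` dict and `redeem_code` function are assumptions standing in for the server's token endpoint.

```python
import base64
import hashlib
import secrets


def b64url_nopad(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Client side: 32 random bytes give a 43-character verifier (the RFC minimum)."""
    return b64url_nopad(secrets.token_bytes(nbytes))


def code_challenge_s256(verifier: str) -> str:
    """Client side: the only value that leaves the client before the token request."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Server side: recompute the challenge from the presented verifier and compare."""
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if method == "S256":
        expected = code_challenge_s256(presented_verifier)
    elif method == "plain":  # allowed by RFC 7636 but offers no protection against an observer
        expected = presented_verifier
    else:
        return False
    return secrets.compare_digest(expected, stored_challenge)


# Hypothetical token-endpoint state: authorization code -> (code_challenge, method).
code_store = {}


def issue_code(challenge: str, method: str = "S256") -> str:
    """Authorization endpoint: bind a one-time code to the challenge it was requested with."""
    code = secrets.token_urlsafe(24)
    code_store[code] = (challenge, method)
    return code


def redeem_code(code: str, presented_verifier: str) -> bool:
    """Token endpoint: the code is consumed on first use whether or not the verifier matches."""
    entry = code_store.pop(code, None)
    if entry is None:
        return False  # unknown or already-used code (replay)
    challenge, method = entry
    return verify_pkce(challenge, method, presented_verifier)
```

Because the verifier never appears in the authorization response, a party that captures only the code from the redirect cannot complete `redeem_code`, and a second attempt with the same code fails as a replay.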
