* fix: ensure oauth state param matches before finishing oauth flow
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* chore: upgrade openid-client to v6
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* feat: use PKCE for oauth2 on supported clients
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* feat: use state and PKCE in mobile app
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* fix: remove obsolete oauth repository init
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* fix: rewrite callback url if mobile redirect url is enabled
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* fix: propagate oidc client error cause when oauth callback fails
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* fix: adapt auth service tests to required state and PKCE params
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* fix: update sdk types
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* fix: adapt oauth e2e test to work with PKCE
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
* fix: allow insecure (http) oauth clients
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
---------
Signed-off-by: Tin Pecirep <tin.pecirep@gmail.com>
Co-authored-by: Jason Rasmussen <jason@rasm.me>
