Add PKCE capability to the SSO login #4974

@acwhite211

Description

There has been a request from NMBE to upgrade our SSO to use PKCE (Proof Key for Code Exchange). The PKCE flow ensures that even if the authorization code is intercepted, an attacker cannot exchange it for an access token without the original code verifier. This makes the flow much more secure, especially for public clients.

Here is a link to the discussion on Discourse: https://discourse.specifysoftware.org/t/login-with-entraid-azure/1373/15

Describe the solution you'd like

To implement this PKCE upgrade in our Django project in the OAuth login process, we'll need to modify the login flow to include the generation of the "code_verifier" and "code_challenge".
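The verifier/challenge generation and the two requests it feeds, as an added example (not Specify's code and not part of the issue): the verifier is created at login start and kept server-side in the session, only its SHA-256 challenge is sent to the identity provider, and the verifier is handed over in the token request so a stolen authorization code alone is useless. The endpoint, client id, redirect URI and session key names are assumptions for illustration. The challenge derivation is checked against the RFC 7636 Appendix B test vector.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical provider and client settings (assumptions, not Specify's configuration).
AUTHORIZE_URL = "https://login.example.test/oauth2/v2.0/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://specify.example.test/accounts/oic_callback/"


def generate_code_verifier(length: int = 64) -> str:
    """RFC 7636 section 4.1: 43..128 chars from [A-Za-z0-9-._~], high entropy.
    token_urlsafe() only emits [A-Za-z0-9_-], a subset of that alphabet."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier length must be between 43 and 128")
    return secrets.token_urlsafe(96)[:length]  # 96 bytes -> 128 chars, then trimmed


def code_challenge_from_verifier(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(verifier)) with padding stripped (43 chars)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(session: dict, state: str) -> str:
    """Login start: mint the verifier, store it only in the server-side session,
    and send the challenge (never the verifier) to the identity provider."""
    verifier = generate_code_verifier()
    session["pkce_code_verifier"] = verifier   # assumed session key name
    session["oauth_state"] = state
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email profile",
        "state": state,
        "code_challenge": code_challenge_from_verifier(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_authorization_request(url: str) -> dict:
    """Flatten the query string of an authorization URL (helper for inspection)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def build_token_request(session: dict, code: str, returned_state: str) -> dict:
    """Callback: check state, then pop the verifier (single use) into the token request."""
    if not secrets.compare_digest(returned_state, session.get("oauth_state", "")):
        raise ValueError("state mismatch")
    verifier = session.pop("pkce_code_verifier", None)
    if verifier is None:
        raise ValueError("no PKCE verifier in session; restart the login")
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
        "code_verifier": verifier,
    }


def server_accepts_verifier(stored_challenge: str, presented_verifier: str) -> bool:
    """The authorization server's check (RFC 7636 section 4.6): recompute the
    challenge from the presented verifier and compare it to the one bound to the code."""
    return secrets.compare_digest(code_challenge_from_verifier(presented_verifier), stored_challenge)
```

In a Django view the `session` dict would be `request.session`; the verifier never leaves the server, so an intercepted redirect carrying the authorization code cannot be turned into tokens, which is the property the issue asks for.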

Describe alternatives you've considered

A clear and concise description of any alternative solutions or features you've considered.

Reported By
NMBE

Metadata

Labels

- 1 - Enhancement: Improvements or extensions to existing behavior
- 2 - Security & Accounts: Issues that are related to the permission system and user accounts
- python: Pull requests that update Python code

Development

No branches or pull requests
