Skip to content

PKCE: Unset oauth2pkceCode from session after login? #991

Description

@hkirsman

There's this example in dev release for PKCE

// Store the PKCE code after the `getAuthorizationUrl()` call.
$_SESSION['oauth2pkceCode'] = $provider->getPkceCode();
// ...
// Restore the PKCE code before the `getAccessToken()` call. 
$provider->setPkceCode($_SESSION['oauth2pkceCode']);

What about unsettling the $_SESSION['oauth2pkceCode'] after setPkceCode() is done?

unset($_SESSION['oauth2pkceCode']);

There's no reason to keep it around, is there?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions