Colm O hEigeartaigh created CXF-9216:
----------------------------------------
Summary: Switch default OAuth2 code verifier to Digest
Key: CXF-9216
URL: https://issues.apache.org/jira/browse/CXF-9216
Project: CXF
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 4.2.2
As per [https://datatracker.ietf.org/doc/html/rfc7636#section-4.2]:

    Clients are permitted to use "plain" only if they cannot support
    "S256" for some technical reason and know via out-of-band
    configuration that the server supports "plain".

We should stop supporting PlainCodeVerifier by default if no code verifier is set.
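The check the issue asks to make the default, as an added example that is not CXF code and not part of the original message: a token-endpoint PKCE verification in Python where "S256" is used unless "plain" has been explicitly enabled. The names `s256_challenge`, `verify_pkce` and `allow_plain` are hypothetical; the sample values are the test vector from RFC 7636 Appendix B.

```python
import base64
import hashlib
import hmac
import re

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def s256_challenge(code_verifier: str) -> str:
    """BASE64URL(SHA256(ASCII(code_verifier))), unpadded (RFC 7636 section 4.2)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_pkce(stored_challenge, code_verifier, method="S256", allow_plain=False):
    """Check code_verifier against the challenge stored with the authorization code.

    Hypothetical helper: allow_plain models the out-of-band opt-in the RFC
    requires before "plain" may be used. It is off unless explicitly set.
    """
    if not code_verifier or not _VERIFIER_RE.fullmatch(code_verifier):
        return False
    if method == "S256":
        expected = s256_challenge(code_verifier)
    elif method == "plain" and allow_plain:
        expected = code_verifier
    else:
        return False  # unknown method, or "plain" without explicit opt-in
    # Constant-time comparison of the derived and the stored challenge.
    return hmac.compare_digest(expected.encode(), stored_challenge.encode())


# Sample values: test vector from RFC 7636 Appendix B.
VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"

if __name__ == "__main__":
    print("S256 default:", verify_pkce(CHALLENGE, VERIFIER))
    print("plain, not enabled:", verify_pkce(VERIFIER, VERIFIER, method="plain"))
    print("plain, enabled:", verify_pkce(VERIFIER, VERIFIER, "plain", allow_plain=True))
```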