Hi Brock,

Right, so it's already happening :)
My honest preference is to give people a standard code_challenge_method client reg parameter for this job and eliminate guesswork.
~ Vladimir

Vladimir Dzhuvinov

On 08/10/2022 05:38, Brock Allen wrote:
> Has anyone faced the issue how an AS can handle a mix of OAuth 2.0 and 2.1 clients regarding PKCE enforcement?
>
> In Duende IdentityServer we make this a per-client setting. That makes for a very simple solution to the problem.
>
> -Brock
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
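
A sketch of the per-client PKCE enforcement discussed in this thread, added here as an example; it is not code from Duende IdentityServer or from either poster. The client names are constructed, and using `code_challenge_method` as a client registration field is the proposal from the message above, not a registered metadata parameter.

```python
import base64
import hashlib
import hmac

# Constructed registrations. None means PKCE is optional for that client
# (an OAuth 2.0 style client); "S256" means it is enforced (OAuth 2.1 style).
CLIENTS = {
    "legacy-app": {"code_challenge_method": None},
    "modern-app": {"code_challenge_method": "S256"},
}
SUPPORTED = ("plain", "S256")


def s256(verifier: str) -> str:
    """RFC 7636 S256 transform: BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_authorization_request(client_id, params):
    """Return (ok, error) for the PKCE part of an authorization request."""
    required = CLIENTS[client_id]["code_challenge_method"]
    challenge = params.get("code_challenge")
    if challenge is None:
        if required is None:
            return True, None  # PKCE optional and not used
        return False, "invalid_request: code_challenge required"
    # RFC 7636: an omitted code_challenge_method defaults to "plain".
    method = params.get("code_challenge_method", "plain")
    if method not in SUPPORTED:
        return False, "invalid_request: unsupported code_challenge_method"
    if required is not None and method != required:
        return False, "invalid_request: code_challenge_method must be " + required
    return True, None


def check_token_request(stored_challenge, stored_method, code_verifier):
    """Check the code_verifier against the challenge bound to the code."""
    if stored_challenge is None:
        # No challenge was bound to the code, so no verifier is expected.
        return code_verifier is None
    if code_verifier is None:
        return False
    expected = s256(code_verifier) if stored_method == "S256" else code_verifier
    return hmac.compare_digest(expected, stored_challenge)
```

With an explicit per-client value the authorization server never has to infer from the request whether a client is expected to send a challenge, which is what rejects a request to `modern-app` that simply omits it.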