Colm O hEigeartaigh created CXF-9215:
----------------------------------------
Summary: Enforce PKCE by default
Key: CXF-9215
URL: https://issues.apache.org/jira/browse/CXF-9215
Project: CXF
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 4.3.0

In AuthorizationCodeGrantHandler.java (Lines 42-44), the flags
'requireCodeVerifier' and 'expectCodeVerifierForPublicClients' default to
false.

RFC Violation: RFC 7636 Section 4.1 recommends enforcing PKCE for all
authorization code grants.
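
Added example, not part of the original issue and not CXF's code: a simplified Java model of the token-endpoint check the issue concerns, showing that a grant carrying no PKCE parameters is accepted while both flags are false and rejected once they are true. The class, its accept() method and the sample verifier are hypothetical; only the two flag names come from the issue.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration, not CXF source: a simplified model of a token-endpoint PKCE check.
class PkceEnforcementExample {
    // Hypothetical stand-ins for the two flags named in the issue.
    final boolean requireCodeVerifier;
    final boolean expectCodeVerifierForPublicClients;

    PkceEnforcementExample(boolean require, boolean expectForPublic) {
        requireCodeVerifier = require;
        expectCodeVerifierForPublicClients = expectForPublic;
    }

    // RFC 7636 S256 transform: BASE64URL(SHA256(ASCII(code_verifier))), no padding.
    static String s256(String verifier) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    // storedChallenge: code_challenge bound to the authorization code, null if none was sent.
    // verifier: code_verifier from the token request, null if none was sent.
    boolean accept(boolean confidentialClient, String storedChallenge, String verifier)
            throws Exception {
        if (storedChallenge == null && verifier == null) {
            // No PKCE on either leg: acceptable only when no flag demands it.
            return !requireCodeVerifier
                    && (confidentialClient || !expectCodeVerifierForPublicClients);
        }
        if (storedChallenge == null || verifier == null) {
            return false; // half of the challenge/verifier pair is missing
        }
        // Constant-time comparison of the recomputed and stored challenge.
        return MessageDigest.isEqual(s256(verifier).getBytes(StandardCharsets.US_ASCII),
                storedChallenge.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String verifier = "constructed-example-verifier-0123456789-abcdefgh"; // constructed sample
        String challenge = s256(verifier); // what the client sends on the authorization request
        PkceEnforcementExample optional = new PkceEnforcementExample(false, false);
        PkceEnforcementExample enforced = new PkceEnforcementExample(true, true);
        System.out.println("flags false, public client, no PKCE: " + optional.accept(false, null, null));
        System.out.println("flags true, public client, no PKCE: " + enforced.accept(false, null, null));
        System.out.println("flags true, matching verifier: " + enforced.accept(false, challenge, verifier));
        System.out.println("flags true, wrong verifier: " + enforced.accept(false, challenge, verifier + "x"));
    }
}
```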