[jira] [Resolved] (CXF-9216) Switch default OAuth2 code verifier to Digest

Colm O hEigeartaigh (Jira) Thu, 21 May 2026 07:27:18 -0700


     [ 
https://issues.apache.org/jira/browse/CXF-9216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Colm O hEigeartaigh resolved CXF-9216.
--------------------------------------
    Resolution: Fixed

> Switch default OAuth2 code verifier to Digest
> ---------------------------------------------
>
>                 Key: CXF-9216
>                 URL: https://issues.apache.org/jira/browse/CXF-9216
>             Project: CXF
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 4.2.2
>
>
> As per [https://datatracker.ietf.org/doc/html/rfc7636#section-4.2]
>  Clients are
>    permitted to use "plain" only if they cannot support "S256" for some
>    technical reason and know via out-of-band configuration that the
>    server supports "plain".
> We should stop supporting PlainCodeVerifier by default if no code verifier is 
> set.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9216) Switch default OAuth2 code verifier to Digest

Reply via email to