Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/cheeaun/statuses/113020903361859381">Chee Aun 🤔 (cheeaun@mastodon.social)'s status on Tuesday, 27-Aug-2024 00:19:37 JST</a><a href="https://mastodon.social/@cheeaun" title="cheeaun@mastodon.social"><img src="https://gnusocial.jp/avatar/101551-48-20230315133326.webp" width="48" height="48" alt="Chee Aun 🤔" style="position: absolute; left: 0; top: 0;">Chee Aun 🤔</a></section><article><p>Gosh this PKCE stuff goes back to 2020.</p><p>Reads:<br>- Dropbox: <a href="https://dropbox.tech/developers/pkce--what-and-why-" rel="nofollow noreferrer">https://dropbox.tech/developers/pkce--what-and-why-</a><br>- Postman: <a href="https://blog.postman.com/pkce-oauth-how-to/" rel="nofollow noreferrer">https://blog.postman.com/pkce-oauth-how-to/</a><br>- Mastodon OAuth PKCE extension PR: <a href="https://github.com/mastodon/mastodon/pull/31129" rel="nofollow noreferrer">https://github.com/mastodon/mastodon/pull/31129</a><br>- Mastodon OAuth documentation PR: <a href="https://github.com/mastodon/documentation/pull/1445" rel="nofollow noreferrer">https://github.com/mastodon/documentation/pull/1445</a></p><p><a href="https://mastodon.social/tags/OAuth" rel="tag">#OAuth</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3572114#notice-7009192">In conversation</a><time datetime="2024-08-27T00:19:37+09:00" title="Tuesday, 27-Aug-2024 00:19:37 JST">about 2 months ago</time> <span>from <span><a href="https://mastodon.social/@cheeaun/113020903361859381" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@cheeaun/113020903361859381">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3085886">Authorization Code flow (with PKCE), from Postman's article.</a></label><br><a href="https://files.mastodon.social/media_attachments/files/113/020/903/216/820/422/original/3cd5556250709f28.png" rel="external">https://files.mastodon.social/media_attachments/files/113/020/903/216/820/422/original/3cd5556250709f28.png</a></li><li><article><header><div>Domain not in remote thumbnail source whitelist: aem.dropbox.com</div><h5><a href="https://dropbox.tech/developers/pkce--what-and-why-">PKCE: What and Why?</a></h5><div> from <span>Taylor Krusen</span></div></header><div>Come learn about the PKCE OAuth flow! How it works, why it’s valuable, and how to use it to authorize your Dropbox app.</div><footer></footer></article></li><li><article><header><div>Domain not in remote thumbnail source whitelist: blog.postman.com</div><h5><a href="https://blog.postman.com/pkce-oauth-how-to/">OAuth 2.0: Implicit Flow is Dead, Try PKCE Instead | Postman Blog</a></h5><div> from <span>@petuniaGray</span></div></header><div>Learn how to use PKCE for OAuth 2.0 in Postman, and why PKCE helps improve security for native, mobile, and browser-based apps.</div><footer></footer></article></li><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/mastodon/mastodon/pull/31129">Enable OAuth PKCE Extension by ThisIsMissEm · Pull Request #31129 · mastodon/mastodon</a></h5><div></div></header><div>This pull request partially supersedes #30329, in that I've separated out the PKCE changes from the other changes.
As per OAuth 2.0 Security Best Current Practices, we MUST support PKCE.
Whilst...</div><footer></footer></article></li><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/mastodon/documentation/pull/1445#OAuth">Document new OAuth changes for 4.3.0 by ThisIsMissEm · Pull Request #1445 · mastodon/documentation</a></h5><div></div></header><div>Add /.well-known/oauth-authorization-server documentation, per Implement RFC 8414 for OAuth 2.0 server metadata mastodon#29191
 Document deprecation of redirect_uri on Application and addition of r...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Chee Aun 🤔 (cheeaun@mastodon.social)'s status on Tuesday, 27-Aug-2024 00:19:37 JST Chee Aun 🤔
Gosh this PKCE stuff goes back to 2020.
Reads:
- Dropbox: https://dropbox.tech/developers/pkce--what-and-why-
- Postman: https://blog.postman.com/pkce-oauth-how-to/
- Mastodon OAuth PKCE extension PR: https://github.com/mastodon/mastodon/pull/31129
- Mastodon OAuth documentation PR: https://github.com/mastodon/documentation/pull/1445
#OAuth
In conversationabout 2 months ago from mastodon.socialpermalink
Attachments
1. Authorization Code flow (with PKCE), from Postman's article.
  https://files.mastodon.social/media_attachments/files/113/020/903/216/820/422/original/3cd5556250709f28.png
2. Domain not in remote thumbnail source whitelist: aem.dropbox.com
  PKCE: What and Why?
  from Taylor Krusen
  Come learn about the PKCE OAuth flow! How it works, why it’s valuable, and how to use it to authorize your Dropbox app.
3. Domain not in remote thumbnail source whitelist: blog.postman.com
  OAuth 2.0: Implicit Flow is Dead, Try PKCE Instead | Postman Blog
  from @petuniaGray
  Learn how to use PKCE for OAuth 2.0 in Postman, and why PKCE helps improve security for native, mobile, and browser-based apps.
4. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  Enable OAuth PKCE Extension by ThisIsMissEm · Pull Request #31129 · mastodon/mastodon
  This pull request partially supersedes #30329, in that I've separated out the PKCE changes from the other changes. As per OAuth 2.0 Security Best Current Practices, we MUST support PKCE. Whilst...
5. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  Document new OAuth changes for 4.3.0 by ThisIsMissEm · Pull Request #1445 · mastodon/documentation
  Add /.well-known/oauth-authorization-server documentation, per Implement RFC 8414 for OAuth 2.0 server metadata mastodon#29191 Document deprecation of redirect_uri on Application and addition of r...

Public

Embed Notice

HTML Code

Corresponding Notice