fix: do not require PKCE for public clients
@@ -506,7 +506,7 @@ func (s *OidcService) CreateClient(ctx context.Context, input dto.OidcClientCrea
|
|||||||
LogoutCallbackURLs: input.LogoutCallbackURLs,
|
LogoutCallbackURLs: input.LogoutCallbackURLs,
|
||||||
CreatedByID: userID,
|
CreatedByID: userID,
|
||||||
IsPublic: input.IsPublic,
|
IsPublic: input.IsPublic,
|
||||||
PkceEnabled: input.IsPublic || input.PkceEnabled,
|
PkceEnabled: input.PkceEnabled,
|
||||||
}
|
}
|
||||||
|
|
||||||
err := s.db.
|
err := s.db.
|
||||||
|
|||||||
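Review bot: With `PkceEnabled: input.PkceEnabled,` the server no longer guarantees that a public client (one created with `IsPublic: input.IsPublic` and therefore no client secret) has PKCE on, so a public client saved with PKCE off redeems authorization codes with neither client authentication nor a code_verifier, which is exactly the interception risk the PKCE description strings in this commit describe; the OAuth 2.0 Security BCP expects public clients to use PKCE. If relaxing this is intended, it should be a visible decision rather than a silent default: add a comment at this line such as `// PKCE is no longer forced for public clients; an admin who disables it for a public client removes the only binding between the authorization code and the client that requested it.` and consider emitting a log line or an explicit warning in the response when a public client is created with PKCE disabled. Presumably an update path outside this hunk has the same `IsPublic || PkceEnabled` coupling; if so it should be reviewed for the same consequence. CreateClient begins and ends outside the hunk.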
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "URL zpětného volání",
|
"callback_urls": "URL zpětného volání",
|
||||||
"logout_callback_urls": "URL zpětného volání při odhlášení",
|
"logout_callback_urls": "URL zpětného volání při odhlášení",
|
||||||
"public_client": "Veřejný klient",
|
"public_client": "Veřejný klient",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Veřejní klienti nemají client secret a místo toho používají PKCE. Povolte to, pokud je váš klient SPA nebo mobilní aplikace.",
|
"public_clients_description": "Veřejní klienti nemají client secret a místo toho používají PKCE. Povolte to, pokud je váš klient SPA nebo mobilní aplikace.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Exchange je bezpečnostní funkce, která zabraňuje útokům CSRF a narušení autorizačních kódů.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Exchange je bezpečnostní funkce, která zabraňuje útokům CSRF a narušení autorizačních kódů.",
|
||||||
"name_logo": "Logo {name}",
|
"name_logo": "Logo {name}",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "Callback URLs",
|
"callback_urls": "Callback URLs",
|
||||||
"logout_callback_urls": "Abmelde Callback URLs",
|
"logout_callback_urls": "Abmelde Callback URLs",
|
||||||
"public_client": "Öffentlicher Client",
|
"public_client": "Öffentlicher Client",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Öffentliche Clients haben kein Client-Geheimnis und verwenden stattdessen PKCE. Aktiviere dies, wenn dein Client eine SPA oder mobile App ist.",
|
"public_clients_description": "Öffentliche Clients haben kein Client-Geheimnis und verwenden stattdessen PKCE. Aktiviere dies, wenn dein Client eine SPA oder mobile App ist.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Der Public Key Code Exchange (öffentlicher Schlüsselaustausch) ist eine Sicherheitsfunktion, um CSRF Angriffe und Angriffe zum Abfangen von Autorisierungscodes zu verhindern.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Der Public Key Code Exchange (öffentlicher Schlüsselaustausch) ist eine Sicherheitsfunktion, um CSRF Angriffe und Angriffe zum Abfangen von Autorisierungscodes zu verhindern.",
|
||||||
"name_logo": "{name} Logo",
|
"name_logo": "{name} Logo",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "Callback URLs",
|
"callback_urls": "Callback URLs",
|
||||||
"logout_callback_urls": "Logout Callback URLs",
|
"logout_callback_urls": "Logout Callback URLs",
|
||||||
"public_client": "Public Client",
|
"public_client": "Public Client",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
|
"public_clients_description": "Public clients do not have a client secret. They are designed for mobile, web, and native applications where secrets cannot be securely stored.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
|
||||||
"name_logo": "{name} logo",
|
"name_logo": "{name} logo",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "Callback URLs",
|
"callback_urls": "Callback URLs",
|
||||||
"logout_callback_urls": "Logout Callback URLs",
|
"logout_callback_urls": "Logout Callback URLs",
|
||||||
"public_client": "Public Client",
|
"public_client": "Public Client",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
|
"public_clients_description": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
|
||||||
"name_logo": "{name} logo",
|
"name_logo": "{name} logo",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "URL de callback",
|
"callback_urls": "URL de callback",
|
||||||
"logout_callback_urls": "URL de callback de déconnexion",
|
"logout_callback_urls": "URL de callback de déconnexion",
|
||||||
"public_client": "Client public",
|
"public_client": "Client public",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Les clients publics n'ont pas de secret client et utilisent PKCE à la place. Activez cette option si votre client est une application SPA ou une application mobile.",
|
"public_clients_description": "Les clients publics n'ont pas de secret client et utilisent PKCE à la place. Activez cette option si votre client est une application SPA ou une application mobile.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Le Public Key Code Exchange est une fonctionnalité de sécurité conçue pour prévenir les attaques CSRF et l’interception de code d’autorisation.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Le Public Key Code Exchange est une fonctionnalité de sécurité conçue pour prévenir les attaques CSRF et l’interception de code d’autorisation.",
|
||||||
"name_logo": "Logo {name}",
|
"name_logo": "Logo {name}",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "URL di callback",
|
"callback_urls": "URL di callback",
|
||||||
"logout_callback_urls": "URL di callback per il logout",
|
"logout_callback_urls": "URL di callback per il logout",
|
||||||
"public_client": "Client pubblico",
|
"public_client": "Client pubblico",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "I client pubblici non hanno un client secret e utilizzano PKCE. Abilita questa opzione se il tuo client è una SPA o un'app mobile.",
|
"public_clients_description": "I client pubblici non hanno un client secret e utilizzano PKCE. Abilita questa opzione se il tuo client è una SPA o un'app mobile.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Il Public Key Code Exchange è una funzionalità di sicurezza per prevenire attacchi CSRF e intercettazione del codice di autorizzazione.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Il Public Key Code Exchange è una funzionalità di sicurezza per prevenire attacchi CSRF e intercettazione del codice di autorizzazione.",
|
||||||
"name_logo": "Logo di {name}",
|
"name_logo": "Logo di {name}",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "Callback-URL's",
|
"callback_urls": "Callback-URL's",
|
||||||
"logout_callback_urls": "Callback-URL's voor afmelden",
|
"logout_callback_urls": "Callback-URL's voor afmelden",
|
||||||
"public_client": "Publieke client",
|
"public_client": "Publieke client",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Publieke clients hebben geen client secret en gebruiken in plaats daarvan PKCE. Schakel dit in als uw client een SPA of mobiele app is.",
|
"public_clients_description": "Publieke clients hebben geen client secret en gebruiken in plaats daarvan PKCE. Schakel dit in als uw client een SPA of mobiele app is.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is een beveiligingsfunctie om CSRF- en autorisatiecode-onderscheppingsaanvallen te voorkomen.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is een beveiligingsfunctie om CSRF- en autorisatiecode-onderscheppingsaanvallen te voorkomen.",
|
||||||
"name_logo": "{name} logo",
|
"name_logo": "{name} logo",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "Callback URLs",
|
"callback_urls": "Callback URLs",
|
||||||
"logout_callback_urls": "Logout Callback URLs",
|
"logout_callback_urls": "Logout Callback URLs",
|
||||||
"public_client": "Public Client",
|
"public_client": "Public Client",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
|
"public_clients_description": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
|
||||||
"name_logo": "{name} logo",
|
"name_logo": "{name} logo",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "Callback URLs",
|
"callback_urls": "Callback URLs",
|
||||||
"logout_callback_urls": "Logout Callback URLs",
|
"logout_callback_urls": "Logout Callback URLs",
|
||||||
"public_client": "Public Client",
|
"public_client": "Public Client",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
|
"public_clients_description": "Public clients do not have a client secret and use PKCE instead. Enable this if your client is a SPA or mobile app.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
|
||||||
"name_logo": "{name} logo",
|
"name_logo": "{name} logo",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "Callback URLs",
|
"callback_urls": "Callback URLs",
|
||||||
"logout_callback_urls": "Logout Callback URLs",
|
"logout_callback_urls": "Logout Callback URLs",
|
||||||
"public_client": "Публичный клиент",
|
"public_client": "Публичный клиент",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "Публичные клиенты не имеют клиентского секрета и вместо этого используют PKCE. Включите, если ваш клиент является SPA или мобильным приложением.",
|
"public_clients_description": "Публичные клиенты не имеют клиентского секрета и вместо этого используют PKCE. Включите, если ваш клиент является SPA или мобильным приложением.",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange — это функция безопасности для предотвращения атак CSRF и перехвата кода авторизации.",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange — это функция безопасности для предотвращения атак CSRF и перехвата кода авторизации.",
|
||||||
"name_logo": "Логотип {name}",
|
"name_logo": "Логотип {name}",
|
||||||
|
|||||||
@@ -276,7 +276,7 @@
|
|||||||
"callback_urls": "Callback URL",
|
"callback_urls": "Callback URL",
|
||||||
"logout_callback_urls": "Logout Callback URL",
|
"logout_callback_urls": "Logout Callback URL",
|
||||||
"public_client": "公共客户端",
|
"public_client": "公共客户端",
|
||||||
"public_clients_do_not_have_a_client_secret_and_use_pkce_instead": "公共客户端没有客户端密钥,而是使用 PKCE。如果您的客户端是 SPA 或移动应用,请启用此选项。",
|
"public_clients_description": "公共客户端没有客户端密钥,而是使用 PKCE。如果您的客户端是 SPA 或移动应用,请启用此选项。",
|
||||||
"pkce": "PKCE",
|
"pkce": "PKCE",
|
||||||
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "公钥代码交换是一种安全功能,可防止 CSRF 和授权代码拦截攻击。",
|
"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "公钥代码交换是一种安全功能,可防止 CSRF 和授权代码拦截攻击。",
|
||||||
"name_logo": "{name} Logo",
|
"name_logo": "{name} Logo",
|
||||||
|
|||||||
@@ -33,7 +33,7 @@
|
|||||||
callbackURLs: existingClient?.callbackURLs || [''],
|
callbackURLs: existingClient?.callbackURLs || [''],
|
||||||
logoutCallbackURLs: existingClient?.logoutCallbackURLs || [],
|
logoutCallbackURLs: existingClient?.logoutCallbackURLs || [],
|
||||||
isPublic: existingClient?.isPublic || false,
|
isPublic: existingClient?.isPublic || false,
|
||||||
pkceEnabled: existingClient?.isPublic == true || existingClient?.pkceEnabled || false
|
pkceEnabled: existingClient?.pkceEnabled || false
|
||||||
};
|
};
|
||||||
|
|
||||||
const formSchema = z.object({
|
const formSchema = z.object({
|
||||||
@@ -98,17 +98,13 @@
|
|||||||
<CheckboxWithLabel
|
<CheckboxWithLabel
|
||||||
id="public-client"
|
id="public-client"
|
||||||
label={m.public_client()}
|
label={m.public_client()}
|
||||||
description={m.public_clients_do_not_have_a_client_secret_and_use_pkce_instead()}
|
description={m.public_clients_description()}
|
||||||
onCheckedChange={(v) => {
|
|
||||||
if (v == true) form.setValue('pkceEnabled', true);
|
|
||||||
}}
|
|
||||||
bind:checked={$inputs.isPublic.value}
|
bind:checked={$inputs.isPublic.value}
|
||||||
/>
|
/>
|
||||||
<CheckboxWithLabel
|
<CheckboxWithLabel
|
||||||
id="pkce"
|
id="pkce"
|
||||||
label={m.pkce()}
|
label={m.pkce()}
|
||||||
description={m.public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks()}
|
description={m.public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks()}
|
||||||
disabled={$inputs.isPublic.value}
|
|
||||||
bind:checked={$inputs.pkceEnabled.value}
|
bind:checked={$inputs.pkceEnabled.value}
|
||||||
/>
|
/>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
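Review bot: Dropping both the `onCheckedChange` hook and `disabled={$inputs.isPublic.value}` turns a hard requirement into no guidance at all: checking "public client" no longer touches the PKCE checkbox, so a new public client ends up with PKCE off unless the admin remembers to enable it, and the PKCE description still only says what PKCE is, not that a public client without it has no protection on the code exchange. A softer middle ground that keeps the commit's intent (not required, but on by default) is to keep the pre-check without the lock, e.g. `onCheckedChange={(v) => { if (v === true) form.setValue('pkceEnabled', true); }}` on the public-client checkbox while leaving the PKCE checkbox enabled. The earlier hunk (`@@ -33,7 +33,7 @@`) with `pkceEnabled: existingClient?.pkceEnabled || false` is consistent with this and needs no change. Note also that only the English `public_clients_description` was reworded; the other locales keep the old "use PKCE instead" sentence under the new key, which now overstates what the form enforces.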