gotosocial/internal/oauth
Emelia be6d80c020 [chore] Remove insecure PKCE Code Challenge Method for plain (#4232)
# Description

As I noted in https://codeberg.org/superseriousbusiness/gotosocial/pulls/2224 the PKCE code challenge method of "plain" is insecure and its usage is not recommended. In Mastodon and Hollo, we do not support it, as indicated by the `code_challenge_methods_supported` value here: https://mastodon.social/.well-known/oauth-authorization-server

This pull request removes the support for PKCE code challenge method "plain".

## Checklist

Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]`

If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).

- [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md).
- [ ] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat.
- [x] I/we have not leveraged AI to create the proposed changes.
- [x] I/we have performed a self-review of added code.
- [x] I/we have written code that is legible and maintainable by others.
- [ ] I/we have commented the added code, particularly in hard-to-understand areas.
- [ ] I/we have made any necessary changes to documentation.
- [ ] I/we have added tests that cover new code.
- [x] I/we have run tests and they pass locally with the changes.
- [ ] I/we have run `go fmt ./...` and `golangci-lint run`.

I do get test failures locally, due to file sizes for media being different, but that's definitely unrelated to this change, as far as I can tell there is zero test coverage of this part of the GTS code.

Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4232
Co-authored-by: Emelia <thisismissem@noreply.codeberg.org>
Co-committed-by: Emelia <thisismissem@noreply.codeberg.org>
2025-06-03 10:04:15 +02:00

| File | Last commit | Date |
| --- | --- | --- |
| handlers | [feature] Move to code.superseriousbusiness.org | 2025-04-26 15:38:43 +02:00 |
| clientstore.go | [feature] Move to code.superseriousbusiness.org | 2025-04-26 15:38:43 +02:00 |
| clientstore_test.go | [chore] Upgrade to Go 1.24 (#4187) | 2025-05-22 12:26:11 +02:00 |
| errors.go | [chore] Move deps to code.superseriousbusiness.org (#4054) | 2025-04-25 15:15:36 +02:00 |
| server.go | [chore] Remove insecure PKCE Code Challenge Method for plain (#4232) | 2025-06-03 10:04:15 +02:00 |
| tokenstore.go | [feature] Move to code.superseriousbusiness.org | 2025-04-26 15:38:43 +02:00 |