Enable public clients to exchange codes for access tokens #14
Public clients are intended to be supported with PKCE as a requirement. However, since exchanging the authorization code for a token is a cross-origin POST request, it will be blocked due to the lack of a CORS policy.
This change introduces a CORS policy for just the token exchange endpoint where POST is allowed.
3eeb5d7801 to 6db1ce23d1
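An added sketch of the behaviour the description relies on (not this project's code): CORS headers are granted only on the token endpoint and only advertise POST, while the code exchange itself is gated by the PKCE S256 check. The path `/oauth/token`, the origin allowlist and the `handle` function are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

TOKEN_PATH = "/oauth/token"                 # assumed endpoint path
ALLOWED_ORIGINS = {"https://spa.example"}   # assumed allowlist (constructed)

def cors_headers(method, path, origin):
    """CORS headers for the token endpoint only; {} means no cross-origin grant."""
    if path != TOKEN_PATH or origin not in ALLOWED_ORIGINS:
        return {}
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if method == "OPTIONS":  # preflight: advertise POST and nothing else
        headers["Access-Control-Allow-Methods"] = "POST"
        headers["Access-Control-Allow-Headers"] = "Content-Type"
    return headers

def pkce_s256(verifier):
    """RFC 7636 S256: BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def handle(method, path, origin, form, issued):
    """Return (status, headers, body). `issued` maps code -> stored S256 challenge."""
    headers = cors_headers(method, path, origin)
    if path != TOKEN_PATH:
        return 404, headers, None
    if method == "OPTIONS":
        return (204 if headers else 403), headers, None
    if method != "POST":
        return 405, headers, None
    # Codes are single use: consume the code before checking the verifier.
    challenge = issued.pop(form.get("code"), None)
    supplied = pkce_s256(form.get("code_verifier", ""))
    if challenge is None or not hmac.compare_digest(supplied, challenge):
        return 400, headers, {"error": "invalid_grant"}
    return 200, headers, {"access_token": "constructed-token", "token_type": "Bearer"}
```

Without the `Access-Control-Allow-Origin` header a browser still sends a form-encoded POST but refuses to expose the response to the calling script, which is the failure the description refers to.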