Enable public clients to exchange codes for access tokens #14

Manually merged
ansv7779 merged 1 commits from public-client-token-exchange into main 2026-02-20 09:21:13 +01:00
Owner

Public clients are intended to be supported with PKCE as a requirement. However, since exchanging the authorization code for a token is a cross-origin POST request, it will be blocked due to the lack of a CORS policy.

This change introduces a CORS policy for just the token exchange endpoint where POST is allowed.

ansv7779 added 1 commit 2026-02-17 14:31:49 +01:00
Enable public clients to exchange codes for access tokens
All checks were successful
/ build (push) Successful in 2m0s
3eeb5d7801
ansv7779 force-pushed public-client-token-exchange from 3eeb5d7801 to 6db1ce23d1 2026-02-18 13:46:28 +01:00
ansv7779 requested review from stne3960 2026-02-18 15:49:08 +01:00
stne3960 approved these changes 2026-02-19 14:10:00 +01:00
ansv7779 manually merged commit e20d7e7dd4 into main 2026-02-20 09:21:13 +01:00
ansv7779 deleted branch public-client-token-exchange 2026-02-20 09:21:26 +01:00
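
A CORS policy scoped the way the description states (token endpoint only, POST only), written here as an added example; it is not code from this pull request or the project. The endpoint paths, the origin allow-list and the decision to never send `Access-Control-Allow-Credentials` are assumptions of the example.

```javascript
// Added example. TOKEN_PATH and the origins are assumptions, not values from the project.
const TOKEN_PATH = "/oauth2/token";                        // hypothetical endpoint path
const ALLOWED_ORIGINS = new Set(["https://spa.example"]);  // constructed allow-list
const ALLOWED_REQUEST_HEADERS = new Set(["content-type"]);

// Returns the CORS response headers for one request, or {} when the policy
// does not apply. Header names are expected lower-cased, as Node's http gives them.
function corsHeaders({ method, path, headers }) {
  const origin = headers["origin"];
  // Scope: only the token endpoint, only exact-match allow-listed origins.
  if (!origin || path !== TOKEN_PATH || !ALLOWED_ORIGINS.has(origin)) return {};
  // Vary: Origin stops a shared cache from replaying one origin's answer to another.
  const granted = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };

  if (method === "OPTIONS" && headers["access-control-request-method"]) {
    // Preflight: grant only POST and only the headers a form-encoded token request needs.
    const wanted = (headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = headers["access-control-request-method"] === "POST" &&
      wanted.every((h) => ALLOWED_REQUEST_HEADERS.has(h));
    if (!ok) return {};
    return { ...granted,
      "Access-Control-Allow-Methods": "POST",
      "Access-Control-Allow-Headers": "Content-Type",
      "Access-Control-Max-Age": "600" };
  }
  // Actual request: only POST responses become readable cross-origin.
  // Access-Control-Allow-Credentials is never sent; this example assumes the client
  // is identified by the code and PKCE verifier in the request body, not by cookies.
  return method === "POST" ? granted : {};
}

// Constructed sample requests, printed so each decision can be inspected.
const samples = [
  { method: "POST", path: TOKEN_PATH, headers: { origin: "https://spa.example" } },
  { method: "OPTIONS", path: TOKEN_PATH, headers: { origin: "https://spa.example",
      "access-control-request-method": "POST",
      "access-control-request-headers": "Content-Type" } },
  { method: "POST", path: "/oauth2/introspect",  // hypothetical non-token route
    headers: { origin: "https://spa.example" } },
  { method: "POST", path: TOKEN_PATH, headers: { origin: "https://other.example" } },
];
for (const s of samples) console.log(s.method, s.path, s.headers.origin, corsHeaders(s));
```
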
Reference: DMC/oauth2-authorization-server#14