Enable public clients to exchange codes for access tokens #14

Manually merged
ansv7779 merged 1 commits from public-client-token-exchange into main 2026-02-20 09:21:13 +01:00

1 Commits

Author SHA1 Message Date
6db1ce23d1
Enable public clients to exchange codes for access tokens
All checks were successful
/ build (push) Successful in 3m21s
Public clients are intended to be supported with PKCE as a requirement. However, since exchanging the authorization code for a token is a cross-origin POST request it will be blocked due to lack of a CORS policy.

This change introduces a CORS policy for just the token exchange endpoint where POST is allowed.
2026-02-18 13:45:54 +01:00