Enable public clients to exchange codes for access tokens #14

Manually merged

ansv7779 merged 1 commits from public-client-token-exchange into main

2026-02-20 09:21:13 +01:00

Author	SHA1	Message	Date
Andreas Svanberg	6db1ce23d1	Enable public clients to exchange codes for access tokens All checks were successful / build (push) Successful in 3m21s Details Public clients are intended to be supported with PKCE as a requirement. However, since exchanging the authorization code for a token is a cross-origin POST request it will be blocked due to lack of a CORS policy. This change introduces a CORS policy for just the token exchange endpoint where POST is allowed.	2026-02-18 13:45:54 +01:00

Author

SHA1

Message

Date

Andreas Svanberg

6db1ce23d1

Enable public clients to exchange codes for access tokens

/ build (push) Successful in 3m21s

Details

Public clients are intended to be supported with PKCE as a requirement. However, since exchanging the authorization code for a token is a cross-origin POST request it will be blocked due to lack of a CORS policy.

This change introduces a CORS policy for just the token exchange endpoint where POST is allowed.

2026-02-18 13:45:54 +01:00

Enable public clients to exchange codes for access tokens #14

1 Commits