From 88e71001d156e81860aabbb8a210d0ac9901031e Mon Sep 17 00:00:00 2001 From: ManHat Date: Thu, 1 Aug 2024 01:06:58 +0300 Subject: [PATCH 1/3] OAuth2 PKCE extension --- docs/topics/OAuth2.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/topics/OAuth2.md b/docs/topics/OAuth2.md index 8578f70844..ad437dd383 100644 --- a/docs/topics/OAuth2.md +++ b/docs/topics/OAuth2.md @@ -64,6 +64,10 @@ When a user begins an authorization flow on the client, a `state` is generated t While Discord does not require the use of the `state` parameter, we support it and highly recommend that you implement it for the security of your own applications and data. +## Proof Key for Code Exchange (PCKE) + +... + ## Authorization Code Grant The authorization code grant is what most developers will recognize as "standard OAuth2" and involves retrieving an access code and exchanging it for a user's access token. It allows the authorization server to act as an intermediary between the client and the resource owner, so the resource owner's credentials are never shared directly with the client. From 799c27e26ef5ed191d8ab32e7028a2a4860d3448 Mon Sep 17 00:00:00 2001 From: ManHat Date: Thu, 1 Aug 2024 01:09:28 +0300 Subject: [PATCH 2/3] undo --- docs/topics/OAuth2.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/topics/OAuth2.md b/docs/topics/OAuth2.md index ad437dd383..8578f70844 100644 --- a/docs/topics/OAuth2.md +++ b/docs/topics/OAuth2.md 
@@ -64,10 +64,6 @@ When a user begins an authorization flow on the client, a `state` is generated t While Discord does not require the use of the `state` parameter, we support it and highly recommend that you implement it for the security of your own applications and data. -## Proof Key for Code Exchange (PCKE) - -... - ## Authorization Code Grant The authorization code grant is what most developers will recognize as "standard OAuth2" and involves retrieving an access code and exchanging it for a user's access token. It allows the authorization server to act as an intermediary between the client and the resource owner, so the resource owner's credentials are never shared directly with the client. From 4d7c6d502ad54562d0d9317851dd38540730cfbb Mon Sep 17 00:00:00 2001 From: ManHat Date: Thu, 1 Aug 2024 01:10:05 +0300 Subject: [PATCH 3/3] OAuth2 PKCE --- docs/topics/OAuth2.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/topics/OAuth2.md b/docs/topics/OAuth2.md index 8578f70844..d346b6822d 100644 --- a/docs/topics/OAuth2.md +++ b/docs/topics/OAuth2.md @@ -64,6 +64,10 @@ When a user begins an authorization flow on the client, a `state` is generated t While Discord does not require the use of the `state` parameter, we support it and highly recommend that you implement it for the security of your own applications and data. +## Proof Key for Code Exchange (PKCE) + +... + ## Authorization Code Grant The authorization code grant is what most developers will recognize as "standard OAuth2" and involves retrieving an access code and exchanging it for a user's access token. It allows the authorization server to act as an intermediary between the client and the resource owner, so the resource owner's credentials are never shared directly with the client.
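
Review bot: In [PATCH 1/3], the added heading `## Proof Key for Code Exchange (PCKE)` misspells the acronym, which should read PKCE. The only body under that heading is `...`, so the hunk introduces a section title with no documentation beneath it. Fix the spelling in this commit rather than in a later one, and add the section text alongside the heading.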
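
Review bot: [PATCH 2/3] deletes exactly the four lines that [PATCH 1/3] added, so the two commits cancel each other out, and the subject `undo` does not say what is being reverted or why. Squash 1/3 and 2/3 out of the series so that history holds a single commit with the correctly spelled heading. If the revert has to stay, give it a subject that names the reverted commit.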
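
Review bot: In [PATCH 3/3], the body under `## Proof Key for Code Exchange (PKCE)` is still the placeholder `...`, so the rendered page would show an empty section between the `state` paragraph and `## Authorization Code Grant`. Replace the placeholder with the actual documentation before merge. At minimum, say whether PKCE is required or optional, as the preceding paragraph does for `state`, and say which grant the section applies to, since it is placed ahead of the Authorization Code Grant section.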