feat: Add PKCE Verifier for OIDC (#2314)

* feat: add PKCE verifier for OIDC

* Update CHANGELOG.md
Rorical 2024-12-23 00:46:36 +08:00 committed by GitHub
parent 9313e5b058
commit b81420bef1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 187 additions and 15 deletions


@ -364,6 +364,18 @@ unix_socket_permission: "0770"
# allowed_users:
# - alice@example.com
#
# # Optional: PKCE (Proof Key for Code Exchange) configuration
# # PKCE adds an additional layer of security to the OAuth 2.0 authorization code flow
# # by preventing authorization code interception attacks
# # See https://datatracker.ietf.org/doc/html/rfc7636
# pkce:
# # Enable or disable PKCE support (default: false)
# enabled: false
# # PKCE method to use:
# # - plain: Use plain code verifier
# # - S256: Use SHA256 hashed code verifier (default, recommended)
# method: S256
#
# # Map legacy users from pre-0.24.0 versions of headscale to the new OIDC users
# # by taking the username from the legacy user and matching it with the username
# # provided by the OIDC. This is useful when migrating from legacy users to OIDC
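Review bot: The option line `# # - plain: Use plain code verifier` presents `plain` as an equal alternative to S256, but with `plain` the code challenge sent in the authorization request is the verifier itself, so it adds nothing against a party that can observe that request. RFC 7636 (section 4.2) requires a client that can do S256 to use it and keeps `plain` only for cases where S256 is not possible. I would reword the line to `# # - plain: challenge is the verifier itself; use only if the provider cannot do S256`. The code that reads `method` is not visible in this hunk, so it is worth confirming that an unrecognised or mis-cased value is rejected at config load rather than silently treated as `plain`.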