djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update 'internal/federationdomain/oidc/oidc.go'

Browse Source
This commit is contained in:
Danny Bessems 2023-10-31 13:18:01 +00:00
parent 54d4879c69
commit cb932adbb2
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
internal/federationdomain/oidc/oidc.go
View File

@ -144,7 +144,10 @@ func FositeOauth2Helper(
RefreshTokenLifespan: timeoutsConfiguration.RefreshTokenLifespan,
ScopeStrategy: fosite.ExactScopeStrategy,
EnforcePKCE: true,
// The only public client is pinniped-cli, so this combination of PKCE settings requires PKCE for the
// pinniped-cli client and does not require PKCE for any dynamically configured OIDCClients.
EnforcePKCE: false,
EnforcePKCEForPublicClients: true,
// "offline_access" as per https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
RefreshTokenScopes: []string{oidcapi.ScopeOfflineAccess},