Support RFC7636 PKCE in the OAuth 2.0 flow. (#14750)

PKCE can protect against certain attacks and is enabled by default. Support can be controlled manually by setting the pkce_method of each oidc_providers entry to 'auto' (default), 'always', or 'never'. This is required by Twitter OAuth 2.0 support.
author: Patrick Cloke <clokep@users.noreply.github.com> 2023-01-04 14:58:08 -0500
committer: GitHub <noreply@github.com> 2023-01-04 14:58:08 -0500
commit: 630d0aeaf607b4016e67895d81b0402a5dfcc769 (patch)
tree: 466fee9b2abd278925824eb602315f6c642aae90 /changelog.d
parent: Use env vars in GHA dependabot changelog (#14772) (diff)
download: synapse-630d0aeaf607b4016e67895d81b0402a5dfcc769.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/14750.feature b/changelog.d/14750.feature
new file mode 100644
index 0000000000..cfed64ee80
--- /dev/null
+++ b/changelog.d/14750.feature
@@ -0,0 +1 @@
+Support [RFC7636](https://datatracker.ietf.org/doc/html/rfc7636) Proof Key for Code Exchange for OAuth single sign-on.
author	Patrick Cloke <clokep@users.noreply.github.com>	2023-01-04 14:58:08 -0500
committer	GitHub <noreply@github.com>	2023-01-04 14:58:08 -0500
commit	630d0aeaf607b4016e67895d81b0402a5dfcc769 (patch)
tree	466fee9b2abd278925824eb602315f6c642aae90 /changelog.d
parent	Use env vars in GHA dependabot changelog (#14772) (diff)
download	synapse-630d0aeaf607b4016e67895d81b0402a5dfcc769.tar.xz