@Ghostboo124
Add PKCE support

Copilot Overview (i just wanted to see what it would do):

This pull request introduces Proof Key for Code Exchange (PKCE) support to the OAuth implementation, updates the documentation for both OAuth and OIDC guides with improved examples and formatting, and makes several minor improvements and corrections to the developer documentation. Additionally, it includes a database migration to support PKCE and updates the schema accordingly.

OAuth PKCE Support and Documentation:

  • Added a database migration (enable_pkce.rb) and updated the schema to support code_challenge and code_challenge_method fields in the oauth_access_grants table, enabling PKCE for OAuth flows.
  • Expanded the OAuth guide (oauth-guide.md.erb) with a detailed section on using PKCE, including step-by-step instructions, example requests, and error handling.

OIDC and OAuth Documentation Improvements:

  • Improved code examples and formatting in both OAuth and OIDC guides by wrapping API example URLs in scrollable containers for better readability and consistency.
  • Updated and corrected markdown tables for OIDC standard and custom scopes, and clarified scope restrictions in the documentation.
  • Standardized TypeScript code samples in the OIDC guide to use semicolons and improved code consistency.

Minor Documentation and UI Corrections:

  • Fixed minor markdown and typographical issues in both guides, such as italicization and code block formatting.
  • Minor UI adjustment in the step-up authentication page, though the change appears incomplete and may need review.

Schema and Migration Updates:

  • Updated db/schema.rb to reflect the new PKCE columns, added tables for analytics (ahoy_events, ahoy_visits), and included other schema changes to stay in sync with migrations.

These changes collectively improve both the security and developer experience of the OAuth and OIDC integrations, especially for native and single-page applications.

Ghostboo124 and others added 5 commits January 21, 2026 16:03
Signed-off-by: Ghostboo124 <alexander.perkins11@gmail.com>
Signed-off-by: Ghostboo124 <alexander.perkins11@gmail.com>
There were two API examples that went off the screen, they now have a scrollbar

openid was duplicated in the community apps section

Signed-off-by: Ghostboo124 <alexander.perkins11@gmail.com>
Signed-off-by: Ghostboo124 <alexander.perkins11@gmail.com>
@Ghostboo124
Author

This fixes Issue #167

@Ghostboo124 Ghostboo124 mentioned this pull request Jan 21, 2026
@24c02
Member

24c02 commented Jan 21, 2026

i see a bunch of unrelated changes in here?

@Ghostboo124
Author

Ghostboo124 commented Jan 22, 2026

db/migrate/20260121045934_enable_pkce.rb, db/analytics_schema.rb, db/schema.rb are all from the doorkeeper PKCE migration that the doorkeeper docs told me to run.

app/views/step_up/new.html.erb was changed when I ran the lint script. (kind of unrelated, but the old README told me to run the lint script, I don't know about the new one)

app/views/docs/oidc-guide.md.erb was me fixing a bug where one of the requests went off the screen and a duplicated word (so, yes, unrelated)

app/views/docs/oauth-guide.md.erb was me adding a guide for PKCE
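
For readers following the thread, an added example (not code from this pull request or from Doorkeeper) of the RFC 7636 check that the `code_challenge` and `code_challenge_method` columns exist to support. The `grant` hash and every method name here are hypothetical stand-ins, and rejecting a verifier sent for a grant that stored no challenge is this example's policy choice.

```ruby
require "digest"
require "securerandom"

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_FORMAT = /\A[A-Za-z0-9\-._~]{43,128}\z/

# Client side: 32 random bytes become a 43-character base64url verifier.
def new_code_verifier
  SecureRandom.urlsafe_base64(32)
end

# S256 transformation: BASE64URL(SHA256(verifier)) without padding.
def s256_challenge(verifier)
  [Digest::SHA256.digest(verifier)].pack("m0").tr("+/", "-_").delete("=")
end

# Length check first, then compare every byte with no early exit on mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Token-endpoint check. `grant` is a hypothetical hash standing in for a row
# of oauth_access_grants carrying the two columns the migration adds.
def pkce_valid?(grant, code_verifier)
  challenge = grant[:code_challenge]
  # Grant issued without PKCE: accept only if no verifier is presented.
  return code_verifier.nil? if challenge.nil?
  return false unless code_verifier.is_a?(String) && code_verifier.match?(VERIFIER_FORMAT)

  expected =
    case grant[:code_challenge_method]
    when "S256" then s256_challenge(code_verifier)
    when "plain", nil then code_verifier # RFC default when no method was sent
    end
  # An unknown stored method leaves `expected` nil and fails closed.
  !expected.nil? && secure_compare(expected, challenge)
end

if __FILE__ == $PROGRAM_NAME
  verifier = new_code_verifier # constructed sample, fresh on every run
  grant = { code_challenge: s256_challenge(verifier), code_challenge_method: "S256" }
  puts "matching verifier accepted: #{pkce_valid?(grant, verifier)}"
  puts "different verifier accepted: #{pkce_valid?(grant, new_code_verifier)}"
end
```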
