commit cba57e82a38cd2b8b33c9b6ad973da65712657e5
parent b2669742e2fd3a9224f82611f707ac8077ef9f1a
Author: Bohdan Potuzhnyi <potub1@bfh.ch>
Date: Mon, 12 Aug 2024 13:11:07 +0000
updated the challenger documentation with rfc7636
Diffstat:
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/core/api-challenger.rst b/core/api-challenger.rst
@@ -101,7 +101,7 @@ Receiving Configuration
.. http:get:: /config
Obtain the key configuration settings of the storage service.
- This specification corresponds to ``current`` protocol being version **1**.
+ This specification corresponds to ``current`` protocol being version **3**.
**Response:**
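Review bot: the ``current`` version on the changed line goes from **1** straight to **3**, and nothing in this patch says what version 2 covered. Every addition further down is tagged "since v3", so a reader cannot tell whether v2 changed this API at all. Please add a short note on what each version bump introduced, or confirm that 3 is the intended number here.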
@@ -194,6 +194,8 @@ Login
:query redirect_uri: URI-encoded redirection URI to use upon authorization.
:query state: Arbitrary client state to associate with the request.
:query scope: Not supported, any value is accepted.
+ :query code_challenge: A string to enhance security using PKCE (available since v3).
+ :query code_challenge_method: The method used for the code_challenge. Options are S256 (SHA-256) or plain (available since v3).
**Response:**
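Review bot: the two new ``:query`` entries do not say whether the parameters are optional, or which method applies when ``code_challenge`` is sent without ``code_challenge_method``. "A string to enhance security using PKCE" also does not tell a client how to produce the value; state that it is derived from the ``code_verifier`` later sent to the token endpoint, and how it is derived for each method. Since ``plain`` is listed next to ``S256`` with no guidance, say which one clients should prefer and in which cases ``plain`` is acceptable.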
@@ -467,7 +469,7 @@ Auth
``authorization_code``. The ``redirect_uri`` must match the URI from
``/authorize``. The ``code`` must be the authorization code that ``/solve``
returned to the user. The ``client_id`` and ``client_secret`` must match
- the usual client credentials.
+ the usual client credentials. Since version v3, ``code_verifier`` can also be included.
**Response:**
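Review bot: "``code_verifier`` can also be included" on the added line leaves the important case undefined: what happens when a ``code_challenge`` was supplied at ``/authorize`` and the ``code_verifier`` is missing here. Please document that the verifier is required whenever a challenge was registered and that the request is rejected otherwise, so that omitting the parameter cannot be read as a way to skip the check. Minor: "version v3" is redundant, "Since v3" matches the wording used elsewhere in the patch.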
@@ -476,6 +478,8 @@ Auth
:http:statuscode:`200 OK`:
The body will be a `ChallengerAuthResponse`
+ :http:statuscode:`401 Unathorized`:
+ The ``code_verifier`` is not matching the saved ones. (Since v3)
:http:statuscode:`403 Forbidden`:
The credentials of the client are invalid.
:http:statuscode:`404 Not found`:
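Review bot: the new status line has a typo, ``401 Unathorized`` should be ``401 Unauthorized``. The description "is not matching the saved ones" does not say what was saved; suggest "The ``code_verifier`` does not match the ``code_challenge`` supplied at ``/authorize``". Please also state which status is returned when a challenge was registered but no ``code_verifier`` is sent, and check the chosen status and error code against the RFC 7636 error handling the commit message refers to.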