happyz
/
memos
mirror of https://github.com/usememos/memos.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
memos/proto/api/v1
History
Johnny 1a9bd32cf1 feat(auth): add PKCE support and enhance OAuth security 
Implements critical OAuth 2.0 security improvements to protect against authorization code interception attacks and improve provider compatibility:

- Add PKCE (RFC 7636) support with SHA-256 code challenge/verifier
- Fix access token extraction to use standard field instead of Extra()
- Add OAuth error parameter handling (access_denied, invalid_scope, etc.)
- Maintain backward compatibility for non-PKCE flows

This brings the OAuth implementation up to modern security standards as recommended by Auth0, Okta, and the OAuth 2.0 Security Best Current Practice (RFC 8252).

Backend changes:
- Add code_verifier parameter to ExchangeToken with PKCE support
- Use token.AccessToken for better provider compatibility
- Update proto definition with optional code_verifier field

Frontend changes:
- Generate cryptographically secure PKCE parameters
- Include code_challenge in authorization requests
- Handle and display OAuth provider errors gracefully
- Pass code_verifier during token exchange

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 		2025-12-01 00:04:26 +08:00
..
README.md chore: update demo site 2025-02-27 23:05:43 +08:00
activity_service.proto refactor(api): migrate inbox functionality to user notifications 2025-10-31 08:33:09 +08:00
attachment_service.proto feat: migrate dialogs 2025-07-06 22:01:55 +08:00
auth_service.proto feat(auth): add PKCE support and enhance OAuth security 2025-12-01 00:04:26 +08:00
common.proto refactor: renovate list memos endpoint 2025-02-02 18:43:26 +08:00
idp_service.proto chore: standardize and improve API structure (#5224) 2025-11-05 22:36:51 +08:00
instance_service.proto refactor: remove enable link preview setting 2025-11-30 10:34:22 +08:00
memo_service.proto refactor(api): remove DeleteMemoTag and RenameMemoTag endpoints 2025-10-29 23:32:47 +08:00
shortcut_service.proto refactor: clean unused fields 2025-06-23 22:55:14 +08:00
user_service.proto refactor(api): migrate inbox functionality to user notifications 2025-10-31 08:33:09 +08:00

README.md

Memos API Design

This API design should follow the guidelines and best practices outlined in the Google API Improvement Proposals (AIPs).