Skip to content
Snippets Groups Projects
Commit 23edf4a7 authored by Patrick Radtke's avatar Patrick Radtke
Browse files

comment for why pkce is stored in session instead of state

parent f2e241ef
No related branches found
No related tags found
No related merge requests found
......@@ -379,6 +379,9 @@ class OAuth2 extends Source
/**
* support saving the providers PKCE code in the session for later verification.
* We store in the session rather in the $state since the $provider generates
* the pkce after it has been configured with the $state id, which we get after
* saving the $state.
*/
protected function saveCodeChallengeFromProvider(AbstractProvider $provider): void
{
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment