-
-
Notifications
You must be signed in to change notification settings - Fork 174
Closed
Description
If the realm level setting "Code verifier parameter required" is not active and the client sends the challenge for code verification the auth server doesn't check the code, but accepts any code challenge. The could be an active check regardless of it is required or not.
This is a realm level setting, we cannot enable it, because not all of our clients support this feature, but some clients would like to use it properly in the same realm.
OpenAM version: 14.6.4
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels