- Add PKCE service with RFC 7636 compliance (S256 and plain methods)
- Implement OAuth authorization controller with CSRF protection
- Add comprehensive security testing (SQL injection, XSS, DoS protection)
- Create 44+ tests across 6 test files with 100% pass rate
- Implement public/confidential client support with PKCE enforcement
- Maintain full backward compatibility with existing password grant flow
Before this change, 2FA with OTP was enabled before the user was able to
submit a code to validate the setup. Thus, this could lead to a
situation where the user is locked out of her account if there was an
issue setting up her application.
Now we rely on a new boolean property that is set to true only after the
user submits a valid code during the setup phase.
Fixes #4867
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
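The lock-out described in this commit, and the fix of flipping an "enabled" flag only after a valid code is submitted, as an added Python illustration. This is not the project's code; the `Account` fields, the function names, and the RFC 6238 TOTP helper are assumptions made for the example (the test vector is the RFC 6238 SHA-1 one with the ASCII secret `12345678901234567890`).

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass
from typing import Optional


def totp(secret: bytes, for_time: float, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the usual authenticator-app default."""
    counter = int(for_time) // period
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # RFC 4226 dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, now: Optional[float] = None, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to absorb clock drift."""
    now = time.time() if now is None else now
    code = code.strip().replace(" ", "")
    for step in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, now + step * 30), code):
            return True
    return False


@dataclass
class Account:
    otp_secret: Optional[bytes] = None
    otp_enabled: bool = False   # assumed flag: True only after a valid code proved the setup


def enable_otp_before_fix(account: Account) -> str:
    """Old behaviour: 2FA is live the moment a secret is generated. If the user never
    manages to add it to an authenticator, the next login demands a code they cannot produce."""
    account.otp_secret = secrets.token_bytes(20)
    account.otp_enabled = True
    return base64.b32encode(account.otp_secret).decode()


def begin_otp_setup(account: Account) -> str:
    """Fixed flow, step 1: store a pending secret; the account is not yet protected."""
    account.otp_secret = secrets.token_bytes(20)
    account.otp_enabled = False
    return base64.b32encode(account.otp_secret).decode()


def confirm_otp_setup(account: Account, code: str, now: Optional[float] = None) -> bool:
    """Fixed flow, step 2: flip the flag only when the submitted code verifies."""
    if account.otp_secret is None or account.otp_enabled:
        return False
    if not verify_totp(account.otp_secret, code, now):
        return False
    account.otp_enabled = True
    return True


def login_requires_otp(account: Account) -> bool:
    """Login consults the flag, not the mere presence of a secret."""
    return account.otp_enabled


if __name__ == "__main__":
    acct = Account()
    provisioning = begin_otp_setup(acct)           # shown to the user as a QR code / base32
    print("protected before confirmation:", login_requires_otp(acct))
    print("confirmed:", confirm_otp_setup(acct, totp(acct.otp_secret, time.time())))
    print("protected after confirmation:", login_requires_otp(acct))
```

A pending secret that is never confirmed can simply be discarded or regenerated on the next setup attempt; because the flag stays false, the password-only login path keeps working throughout.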