[PR #836] [MERGED] fix: ignore client secret if client is public #948

Closed
opened 2026-02-04 21:06:13 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/pocket-id/pocket-id/pull/836
Author: @James18232
Created: 8/16/2025
Status: Merged
Merged: 8/16/2025
Merged by: @stonith404

Base: mainHead: fix-public-flow-auth


📝 Commits (1)

  • b962975 fix: client secret being checked for public clients

📊 Changes

1 file changed (+2 additions, -2 deletions)

View changed files

📝 backend/internal/service/oidc_service.go (+2 -2)

📄 Description

feat to allow a user to specify a (Confidential + PKCE) Client as a Public Client instead.

This is necessary for clients setup as confidential + PKCE authorization that do not protect client secrets properly.

One example is ownCloud OCIS ( Desktop/Android/IOS ) - the client secret is expected to be a hard coded/public value - see https://doc.owncloud.com/server/next/admin_manual/configuration/user/oidc/oidc.html#client-ids-secrets-and-redirect-uris)

This is incorrect implementation by the service, however PocketID should ignore any client secret attached to a request for access from a Public Client as the spec does not expect this. This will allow support for these services as Public clients for now (once custom Client ID support is implemented).


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/pocket-id/pocket-id/pull/836 **Author:** [@James18232](https://github.com/James18232) **Created:** 8/16/2025 **Status:** ✅ Merged **Merged:** 8/16/2025 **Merged by:** [@stonith404](https://github.com/stonith404) **Base:** `main` ← **Head:** `fix-public-flow-auth` --- ### 📝 Commits (1) - [`b962975`](https://github.com/pocket-id/pocket-id/commit/b96297555d82e5f0dd3e3f612726877f4945bb98) fix: client secret being checked for public clients ### 📊 Changes **1 file changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `backend/internal/service/oidc_service.go` (+2 -2) </details> ### 📄 Description feat to allow a user to specify a (Confidential + PKCE) Client as a Public Client instead. This is necessary for clients setup as confidential + PKCE authorization that do not protect client secrets properly. One example is ownCloud OCIS ( Desktop/Android/IOS ) - the client secret is expected to be a hard coded/public value - see https://doc.owncloud.com/server/next/admin_manual/configuration/user/oidc/oidc.html#client-ids-secrets-and-redirect-uris) This is incorrect implementation by the service, however PocketID should ignore any client secret attached to a request for access from a Public Client as the spec does not expect this. This will allow support for these services as Public clients for now (once custom Client ID support is implemented). --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
OVERLORD added the pull-request label 2026-02-04 21:06:13 +03:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#948