Consider logging missing `code_challenge` when PKCE is required

https://github.com/spring-projects/spring-authorization-server/blob/27a893fbeea7ec1f8ebb85be9242f17b24223e72/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/CodeVerifierAuthenticator.java#L97-L99

We should consider adding a log entry at DEBUG level in `CodeVerifierAuthenticator` for this case. This would allow the logging level to be tuned specifically for this logging.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Consider logging missing `code_challenge` when PKCE is required #1247

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

	if (!StringUtils.hasText(codeChallenge)) {
	if (registeredClient.getClientSettings().isRequireProofKey()) {
	throwInvalidGrant(PkceParameterNames.CODE_CHALLENGE);

Consider logging missing code_challenge when PKCE is required #1247

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions

Consider logging missing `code_challenge` when PKCE is required #1247