Gondulf/docs/reports at d63040b014822fcfc62b47e05b02f8d195a43860 - Gondulf - Code Depot

phil/Gondulf

Files

History

Phil Skentelbery 404d723ef8 fix(auth): make PKCE optional per ADR-003

PKCE was incorrectly required in the /authorize endpoint,
contradicting ADR-003 which defers PKCE to v1.1.0.

Changes:
- PKCE parameters are now optional in /authorize
- If code_challenge provided, validates method is S256
- Defaults to S256 if method not specified
- Logs when clients don't use PKCE for monitoring
- Updated tests for optional PKCE behavior

This fixes authentication for clients that don't implement PKCE.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-12-17 15:23:44 -07:00

..

2025-11-20-gap-analysis-v1.0.0.md

feat(phase-4a): complete Phase 3 implementation and gap analysis

2025-11-20 17:16:11 -07:00

2025-11-20-phase-1-foundation.md

feat(core): implement Phase 1 foundation infrastructure

2025-11-20 12:21:42 -07:00

2025-11-20-phase-2-domain-verification.md

test: fix Phase 2 migration schema tests

2025-11-20 13:39:45 -07:00

2025-11-20-phase-3-token-endpoint.md

feat(phase-3): implement token endpoint and OAuth 2.0 flow

2025-11-20 14:24:06 -07:00

2025-11-20-phase-4a-complete-phase-3.md

feat(phase-4a): complete Phase 3 implementation and gap analysis

2025-11-20 17:16:11 -07:00

2025-11-20-phase-4b-security-hardening.md

feat(security): merge Phase 4b security hardening

2025-11-20 18:28:50 -07:00

2025-11-20-phase-5a-deployment-config.md

feat(deploy): merge Phase 5a deployment configuration

2025-11-21 19:16:54 -07:00

2025-11-20-project-initialization.md

feat(core): implement Phase 1 foundation infrastructure

2025-11-20 12:21:42 -07:00

2025-11-21-phase-5b-integration-e2e-tests.md

feat(test): add Phase 5b integration and E2E tests

2025-11-21 22:22:04 -07:00

2025-11-22-authentication-flow-fix.md

fix(auth): require email authentication every login

2025-11-22 15:16:26 -07:00

2025-11-22-authorization-verification-fix.md

fix(auth): require email authentication every login

2025-11-22 15:16:26 -07:00

2025-11-22-bug-fix-https-health-check.md

fix(health): support HEAD method for health endpoint

2025-11-22 11:54:06 -07:00

2025-11-22-dns-verification-bug-fix.md

fix(dns): query _gondulf subdomain for domain verification

2025-11-22 17:46:38 -07:00

2025-11-24-client-id-validation-compliance.md

fix(validation): implement W3C IndieAuth compliant client_id validation

2025-11-24 18:14:55 -07:00

2025-11-25-token-verification-endpoint.md

feat(token): implement GET /token for token verification

2025-11-25 08:10:47 -07:00

2025-12-17-bugfix-pkce-optional.md

fix(auth): make PKCE optional per ADR-003

2025-12-17 15:23:44 -07:00