#PKCE

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Hollo :hollo:'s avatar
Hollo :hollo:

@hollo@hollo.social

0.6.0 is coming soon!

We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:

Enhanced

  • RFC 8414 (OAuth metadata discovery)
  • RFC 7636 ( support)
  • Improved authorization flows following RFC 9700 best practices

New features

  • Extended character limit (4K → 10K)
  • Code syntax highlighting
  • Customizable profile themes
  • EXIF metadata stripping for privacy

Important notes for update

  • Node.js 24+ required
  • Updated environment variables for asset storage
  • Stronger SECRET_KEY requirements (44+ chars)

Special thanks to @thisismissem for the extensive OAuth improvements that help keep the secure and compatible! 🙏

Full changelog and upgrade guide coming with the release.

Jörn Franke's avatar
Jörn Franke

@jornfranke@mastodon.online

browsing the specs of OAuth 2.1 and found that PKCE is now mandatory for Authorization Code Flow (not only Desktops or frontend-only apps!):
datatracker.ietf.org/doc/html/

"The authorization code grant is extended with the functionality from PKCE [RFC7636] such that the default method of using the authorization code grant according to this specification requires the addition of the PKCE parameters"

Jörn Franke's avatar
Jörn Franke

@jornfranke@mastodon.online

browsing the specs of OAuth 2.1 and found that PKCE is now mandatory for Authorization Code Flow (not only Desktops or frontend-only apps!):
datatracker.ietf.org/doc/html/

"The authorization code grant is extended with the functionality from PKCE [RFC7636] such that the default method of using the authorization code grant according to this specification requires the addition of the PKCE parameters"

Jörn Franke's avatar
Jörn Franke

@jornfranke@mastodon.online

browsing the specs of OAuth 2.1 and found that PKCE is now mandatory for Authorization Code Flow (not only Desktops or frontend-only apps!):
datatracker.ietf.org/doc/html/

"The authorization code grant is extended with the functionality from PKCE [RFC7636] such that the default method of using the authorization code grant according to this specification requires the addition of the PKCE parameters"