key-cape/src
Bernd Worsch a6af43b332 fix(authelia): use adapter's own client_id/redirect_uri in AuthorizeURL
The adapter was forwarding the downstream client's client_id and
redirect_uri to Authelia, which would always be rejected — Authelia
only recognises client_id=keycape and its registered callback URI.
Also removed downstream PKCE forwarding: KeyCape is a confidential
OIDC client to Authelia and authenticates via client_secret instead.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-25 03:15:36 +00:00
..
cmd feat: implement T22, T18, T23 — dev stack, profile tests, server binary 2026-03-13 02:18:36 +01:00
internal fix(authelia): use adapter's own client_id/redirect_uri in AuthorizeURL 2026-03-25 03:15:36 +00:00
tests feat: implement T19, T20 — Scenario B/C replacement tests; complete workplan 2026-03-13 02:36:29 +01:00
go.mod feat: implement T14, T10 — enforcement middleware, LLDAP adapter 2026-03-13 01:45:21 +01:00
go.sum feat: implement T14, T10 — enforcement middleware, LLDAP adapter 2026-03-13 01:45:21 +01:00
Makefile feat: implement T01-T04 — Go module, canonical model, LDAP validator, error taxonomy 2026-03-13 01:27:54 +01:00