I wouldn’t say this is 100% accurate but enjoy it for what it is.. a nerdy concept explained with meme cats. 🐱
oauth
Gosh this PKCE stuff goes back to 2020.
Reads:
- Dropbox: https://dropbox.tech/developers/pkce--what-and-why-
- Postman: https://blog.postman.com/pkce-oauth-how-to/
- Mastodon OAuth PKCE extension PR: https://github.com/mastodon/mastodon/pull/31129
- Mastodon OAuth documentation PR: https://github.com/mastodon/documentation/pull/1445
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
- RFC 8414 (OAuth metadata discovery)
- RFC 7636 (#PKCE support)
- Improved authorization flows following RFC 9700 best practices
New features
- Extended character limit (4K → 10K)
- Code syntax highlighting
- Customizable profile themes
- EXIF metadata stripping for privacy
Important notes for update
- Node.js 24+ required
- Updated environment variables for asset storage
- Stronger SECRET_KEY requirements (44+ chars)
Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible! 🙏
Full changelog and upgrade guide coming with the release.