This issue has been created
There are 2 updates.
 
 
OpenId Connect / OIDC-261 Open

Add support for PKCE in the authenticator

 
 

Issue created

 
Thomas Mortagne created this issue on 16/Oct/25 15:36
 
Summary: Add support for PKCE in the authenticator
Issue Type: Improvement
Affects Versions: 2.19.3
Assignee: Unassigned
Components: Authenticator
Created: 16/Oct/25 15:36
Priority: Major
Reporter: Thomas Mortagne
Description:

It would be interesting to implement this extension to the protocol.

For inspiration:

For the implementation, OIDC SDK seems to have support for it already (see for example AuthenticationRequest.Builder#codeChallenge).

 
 

2 updates

 
Changes by Thomas Mortagne on 16/Oct/25 15:36
 
Issue Type: Improvement → New Feature
Description: It would be interesting to implement this extension to the protocol.

For inspiration:
* https://oauth.net/2/pkce/
* https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce#how-it-works

For the implementation: OIDC SDK seems to have support for it already (see for example {{AuthenticationRequest.Builder#codeChallenge}}), so I guess the first thing to start with is storing a code verifier and passing it to the request somewhere in https://github.com/xwiki-contrib/oidc/blob/oidc-2.19.3/oidc-authenticator/src/main/java/org/xwiki/contrib/oidc/auth/OIDCAuthServiceImpl.java#L251-L271.
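
Added example, not part of the issue or of the xwiki-contrib/oidc code: the PKCE exchange the description refers to, with the S256 code verifier and code challenge from RFC 7636 computed with the JDK alone rather than through OIDC SDK. The class and method names are hypothetical, and a local variable stands in for wherever the authenticator would store the code verifier between the redirect and the callback.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
// Hypothetical class, JDK only; not code from xwiki-contrib/oidc or OIDC SDK.
public class PkceSketch {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();
    // Client: 32 random bytes give a 43-character base64url code_verifier.
    static String newCodeVerifier() {
        byte[] bytes = new byte[32];
        RANDOM.nextBytes(bytes);
        return B64URL.encodeToString(bytes);
    }

    // S256: code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), no padding.
    static String s256Challenge(String verifier) {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            return B64URL.encodeToString(sha256.digest(verifier.getBytes(StandardCharsets.US_ASCII)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    // Provider: reject malformed verifiers, then compare in constant time.
    static boolean verify(String storedChallenge, String presentedVerifier) {
        if (presentedVerifier == null || !presentedVerifier.matches("[A-Za-z0-9._~-]{43,128}")) {
            return false;
        }
        return MessageDigest.isEqual(storedChallenge.getBytes(StandardCharsets.US_ASCII),
            s256Challenge(presentedVerifier).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        // Before the redirect: create the verifier and keep it (here a local, in practice the session).
        String verifier = newCodeVerifier();
        String challenge = s256Challenge(verifier);
        System.out.println("authorization request: code_challenge=" + challenge + "&code_challenge_method=S256");
        // On the callback: the stored verifier goes with the authorization code.
        System.out.println("token request: code_verifier=" + verifier);
        System.out.println("same verifier accepted:  " + verify(challenge, verifier));
        System.out.println("other verifier accepted: " + verify(challenge, newCodeVerifier()));
        // Constructed check against the RFC 7636 Appendix B test vector.
        System.out.println("RFC 7636 vector matches: " + "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
            .equals(s256Challenge("dBjftJeZ4CVP-mB92K27uhbUJU1p0r_wI1gFWW2CVk")));
    }
}
```

An authorization code intercepted on the redirect cannot be redeemed without the verifier, which never leaves the client until the back-channel token request.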