Details
- New Feature
- Resolution: Unresolved
- Major
- None
- 2.19.3
- None
- Unknown
Description
It would be interesting to implement this extension to the protocol.
For inspiration:
- https://oauth.net/2/pkce/
- https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce#how-it-works
For the implementation: OIDC SDK seems to have support for it already (see for example AuthenticationRequest.Builder#codeChallenge), so I guess the first thing to start with is storing a code verifier and passing it to the request somewhere in https://github.com/xwiki-contrib/oidc/blob/oidc-2.19.3/oidc-authenticator/src/main/java/org/xwiki/contrib/oidc/auth/OIDCAuthServiceImpl.java#L251-L271.
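A sketch of the two steps suggested above, added here as an illustration and not taken from the xwiki-contrib/oidc code base: the verifier is generated and kept server-side before the redirect, only its S256 challenge goes into the authentication request, and the verifier is attached to the code grant on callback. It uses the Nimbus OAuth 2.0 / OIDC SDK; the class name, the `session` map, the session key and all URLs and identifiers are assumptions made for the example.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.State;
import com.nimbusds.oauth2.sdk.pkce.CodeChallenge;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.oauth2.sdk.pkce.CodeVerifier;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.Nonce;

public class PkceFlowSketch {
    // Stand-in for the user's HTTP session (hypothetical, not the authenticator's real storage).
    static final Map<String, Object> session = new HashMap<>();

    // Step 1: create a random verifier, keep it server-side, send only its S256 challenge.
    static AuthenticationRequest buildRequest(URI authzEndpoint, ClientID clientId, URI callback) {
        CodeVerifier verifier = new CodeVerifier();
        session.put("oidc.pkce.verifier", verifier);
        return new AuthenticationRequest.Builder(
                new ResponseType(ResponseType.Value.CODE), new Scope("openid"), clientId, callback)
            .endpointURI(authzEndpoint)
            .state(new State())
            .nonce(new Nonce())
            .codeChallenge(verifier, CodeChallengeMethod.S256)
            .build();
    }

    // Step 2: on callback, consume the verifier (single use) and attach it to the code grant.
    static AuthorizationCodeGrant buildGrant(AuthorizationCode code, URI callback) {
        CodeVerifier verifier = (CodeVerifier) session.remove("oidc.pkce.verifier");
        if (verifier == null) {
            throw new IllegalStateException("No PKCE verifier in session; refusing token exchange");
        }
        return new AuthorizationCodeGrant(code, callback, verifier);
    }

    public static void main(String[] args) {
        URI callback = URI.create("https://wiki.example.org/oidc/callback"); // constructed values
        AuthenticationRequest request = buildRequest(
            URI.create("https://idp.example.org/authorize"), new ClientID("example-client"), callback);
        System.out.println(request.toURI()); // carries code_challenge, never the verifier
        AuthorizationCodeGrant grant = buildGrant(new AuthorizationCode("constructed-code"), callback);
        // The provider's check at the token endpoint: S256(verifier) must equal the stored challenge.
        CodeChallenge recomputed = CodeChallenge.compute(CodeChallengeMethod.S256, grant.getCodeVerifier());
        System.out.println(recomputed.getValue().equals(request.getCodeChallenge().getValue()));
    }
}
```

Removing the verifier from the session when it is read keeps it single-use, and failing closed when it is missing avoids silently falling back to a token request without PKCE.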