Does the IdP OIDC extension support PKCE?
Wessel, Keith
kwessel at illinois.edu
Wed Aug 19 21:23:35 UTC 2020
All,
I don't see anything in the OIDC extension docs about this, so I figured I'd ask. Does the OIDC extension support PKCE and the use of a code_challenge parameter in place of a client secret in an authorization request? This is, obviously, in the context of mobile apps and not having to embed the client secret in the app.
https://www.oauth.com/oauth2-servers/pkce/authorization-request/
Thanks,
Keith
More information about the users
mailing list