Does the IdP OIDC extension support PKCE?

Wessel, Keith kwessel at
Wed Aug 19 21:23:35 UTC 2020


I don't see anything in the OIDC extension docs about this, so I figured I'd ask. Does the OIDC extension support PKCE and the use of a code_challenge parameter in place of a client secret in an authorization request? This is, obviously, in the context of mobile apps and not having to embed the client secret in the app.


More information about the users mailing list