Does the IdP OIDC extension support PKCE?
Henri Mikkonen
henri.mikkonen at csc.fi
Thu Aug 20 09:29:22 UTC 2020
> On 20 Aug 2020, at 0.23, Wessel, Keith <kwessel at illinois.edu> wrote:
>
> I don't see anything in the OIDC extension docs about this, so I figured I'd ask. Does the OIDC extension support PKCE and the use of a code_challenge parameter in place of a client secret in an authorization request? This is, obviously, in the context of mobile apps and not having to embed the client secret in the app.
Yes, PKCE is supported since 1.1.0. I’ve just added a case example at the end of the following Wiki-page:
https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/OIDC.SSO <https://github.com/CSCfi/shibboleth-idp-oidc-extension/wiki/OIDC.SSO>
BR,
Henri.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200820/1fb57b6d/attachment.htm>
More information about the users
mailing list