-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PKCE doesn't work after upgrade to NC28.0.2 and user_oidc > 1.3.6 #806
Comments
I'm not sure if the command I'm little surprised but the config doesn't end in the config.php (community docker) so I'm unsure how to verify if the setting was applied in the right way. |
Hi, I'm using PKCE and I had to set it as a system setting: |
I have successfully integrated NC 28.0.1 and user_oidc 1.3.5 with zitadel IdP using PKCE (empty client secret).
While I upgraded my dev environment to NC 28.0.2 and "integrated" user_oidc upgrade to 1.3.6 the integration stopped working.
reviewing release notes I found #740 which introduce a new setting making PKCE optional. so added the new parameter
use_pkce = true
to my config usingocc config:app:set --value=true user_oidc use_pkce
but still no luck logging in. login process fails with this error:if I use same IdP with "client authentication" (client_id + client_secret) login is successful.
Please advice how to make PKCE work especially considering PKCE is the "preferred" variant
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-16#section-2.1.1
The text was updated successfully, but these errors were encountered: