openid-connect-generic icon indicating copy to clipboard operation
openid-connect-generic copied to clipboard

Published 20 hours ago verified publisher icon oidc-wp

PKCE Support

Open ohmoreno opened this issue 4 years ago • 12 comments

Hello,

Do you have plans to implement PKCE support?

ohmoreno avatar Aug 18 '20 21:08 ohmoreno

@ohmoreno at the moment there is not a clear road map for future enhancements. We'll add this as a future enhancement to consider.

timnolte avatar Aug 20 '20 02:08 timnolte

OK, I'll be looking forward to it.

I'll give it a good read so maybe I can be of help.

Thanks.

ohmoreno avatar Aug 21 '20 03:08 ohmoreno

Adding here for reference: https://tools.ietf.org/html/rfc7636

timnolte avatar Aug 26 '20 03:08 timnolte

I also found a couple of examples:

https://www.example-code.com/phpext/okta_authorization_code_flow.asp (PHP)

https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce

And a well explained tutorial: https://help.aweber.com/hc/en-us/articles/360036524474-How-do-I-use-Proof-Key-for-Code-Exchange-PKCE-

ohmoreno avatar Aug 26 '20 20:08 ohmoreno

It would be really nice to have the PKCE support in order to be more secure

joch0a avatar Sep 24 '20 20:09 joch0a

From 2022 PKCE ,state og nonce will be a requirement on some services. Its a recommendation from IETF.org

The Internet Engineering Task Force (IETF) is an open standards organization, which develops and promotes voluntary Internet standards, in particular the standards that comprise the Internet protocol suite (TCP/IP).[3] It has no formal membership roster or membership requirements. All participants and managers are volunteers, though their work is usually funded by their employers or sponsors.

https://no.wikipedia.org/wiki/Internet_Engineering_Task_Force

christianostrem avatar May 20 '21 08:05 christianostrem

Hello,

We've developped an addon for the plugin to add support of PKCE https://github.com/BeAPI/openid-connect-generic-pkce-addon/.

Maybe it can help some people :)

Nicolas,

Rahe avatar Apr 12 '22 14:04 Rahe

Sweet! I'll check it out. Thanks man.

ohmoreno avatar Apr 15 '22 12:04 ohmoreno

@Rahe would you want to open up a PR to add this feature. We'd be very happy to include this as a built-in feature in the next release.

timnolte avatar Apr 15 '22 12:04 timnolte

@timnolte We can work on a PR to add the feature.

Should PKCE be active by default or should it be controlled by a new option ?

petitphp avatar Jul 08 '22 15:07 petitphp

In general all new features should be off by default, unless their on state is such that it wouldn't interfere with existing installations.

timnolte avatar Jul 08 '22 15:07 timnolte

@timnolte any update on this? any way I can help?

vvdevteam avatar Sep 11 '22 12:09 vvdevteam