spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard
verified publisher icon spring-projects

Document Authorization Server PKCE settings

Open bloomsei opened this issue 1 month ago • 0 comments

Updates documentation to reflect that PKCE is now enabled by default for authorization_code flows in both authorization server and client.

Changes include:

  • Documenting the default PKCE behavior for authorization code flows
  • Adding instructions for disabling PKCE when not supported
  • Adding a new ClientSettings section to document authorization server configuration options

The documented changes were introduced by:

  • gh-16391
  • gh-17507

bloomsei avatar Dec 13 '25 15:12 bloomsei