OpenID Connect Extension: Proof Key for Code Exchange (PKCE) support?

Hello,

we are trying to change our authentication to OpenID Connect but our internal provider strictly requires the additional PKCE safety of OpenID Connect with code_challenge and so on.

We can’t find any information in the OpenID Connect Authenticator Extension documentation on how to enable the optional PKCE safety or if it’s even currently supported by the XWiki extension.

Can anyone tell me if it’s currently supported or not? Are there plans? And if it’s already supported - how can I activate it?

Thank you very much in advance and best regards

Tom

PKCE is not currently supported by the OIDC authenticator.

We definitely don’t have anything against it (and I just created an issue to remember about it), but it’s definitely not in the roadmap anytime soon.

If you feel like working on this, I added some hints in the issue, based on stuff I found when researching quickly what OIDC PKCE is about exactly.

Of course, another possibility to help sponsor the extension and the XWiki ecosystem in general is to pay a sponsoring company to implement that for you.
