add disablePkce config parameter #1455
projects/angular-auth-oidc-client/src/lib/utils/url/url.service.ts
Thanks for the PR. I am not sure we should support this as using code flow without PKCE is not a good idea. A better solution would be to add support on the server or change the IDP. Greetings Damien
Thanks for your review. To better describe my case:
I am aware that PKCE should be enabled for confidential as well as public clients, but not all IdPs currently support it for confidential clients. My current workaround is to manually navigate to a hand-crafted URL:
I'm in the same boat: the IDP doesn't support PKCE and rejects the code exchange. I can't use a different IDP, and the IDP can't be made to support PKCE, for stupid large company reasons. It would be great if this PR could be merged. Maybe add stern warnings to the documentation, or even name the parameter "downgradeSecurityAndDisablePkce" or something like that so that no one will unnecessarily use it.
Can you, @Kwoin, merge main back into your PR to get the builds green?
Thanks @Kwoin @FabianGosebrink I think we merge this once the PR is ready
Merge done.
Address issue #1454
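
What the flag discussed in this thread takes out of the code flow, as an added example (not code from this PR or from angular-auth-oidc-client): the S256 challenge sent with the authorization request and the matching check at the token endpoint, per RFC 7636. All function names, the client id and the redirect URI are hypothetical; `redeem` is a toy model of an IdP's check, and client authentication of a confidential client is not modelled.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Unpadded base64url, the encoding RFC 7636 uses for verifier and challenge.
function b64url(buf: Buffer): string {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// RFC 7636 section 4.1: 32 random bytes give a 43-character code_verifier.
function newVerifier(): string {
  return b64url(randomBytes(32));
}

// RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
function s256Challenge(verifier: string): string {
  return b64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Authorization request parameters. `disablePkce` is a local flag named after
// the PR title; client id, redirect URI and scope are constructed sample values.
function authParams(state: string, verifier: string, disablePkce = false): URLSearchParams {
  const p = new URLSearchParams({
    response_type: "code",
    client_id: "demo-client",
    redirect_uri: "https://app.example/callback",
    scope: "openid",
    state,
  });
  if (!disablePkce) {
    p.set("code_challenge", s256Challenge(verifier));
    p.set("code_challenge_method", "S256");
  }
  return p;
}

// Hypothetical model of the IdP's token-endpoint check: `storedChallenge` is
// what the IdP recorded with the authorization code (null when none was sent).
function redeem(storedChallenge: string | null, presentedVerifier?: string): boolean {
  if (storedChallenge === null) return true; // no PKCE: nothing binds the code to the requester
  if (!presentedVerifier) return false;      // PKCE: the code alone is rejected
  const got = Buffer.from(s256Challenge(presentedVerifier));
  const want = Buffer.from(storedChallenge);
  return got.length === want.length && timingSafeEqual(got, want);
}
```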