I have successfully integrated NC 28.0.1 and user_oidc 1.3.5 with zitadel IdP using PKCE (empty client secret).
When I upgraded my dev environment to NC 28.0.2 and the "integrated" user_oidc upgrade to 1.3.6, the integration stopped working.
Reviewing the release notes, I found #740, which introduces a new setting making PKCE optional, so I added the new parameter
use_pkce = true to my config using occ config:app:set --value=true user_oidc use_pkce, but still no luck logging in. The login process fails with this error:
If I use the same IdP with "client authentication" (client_id + client_secret), login is successful.
Please advise how to make PKCE work, especially considering PKCE is the "preferred" variant:
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-16#section-2.1.1
Clients MUST prevent injection (replay) of authorization codes into the authorization response by attackers. Public clients MUST use PKCE [RFC7636] to this end. For confidential clients, the use of PKCE [RFC7636] is RECOMMENDED.
isdnfan changed the title from "pkce doesn't work after upgrade to NC28.0.2 and user_oidc 1.3.6" to "PKCE doesn't work after upgrade to NC28.0.2 and user_oidc 1.3.6" on Mar 6, 2024
I'm not sure if the command occ config:app:set --value=true user_oidc use_pkce writes a string value and not a boolean. Unfortunately, occ config:app:set doesn't support --type=boolean as occ config:system:set does.
I'm a little surprised, but the config doesn't end up in the config.php (community docker), so I'm unsure how to verify if the setting was applied in the right way.
isdnfan changed the title from "PKCE doesn't work after upgrade to NC28.0.2 and user_oidc 1.3.6" to "PKCE doesn't work after upgrade to NC28.0.2 and user_oidc > 1.3.6" on Mar 14, 2024
Hi, I'm using PKCE and I had to set it as a system setting: occ config:system:set --value=true --type=boolean user_oidc use_pkce
This will add the array and enable PKCE.