How do I enable the Proof Key for Code Exchange (PKCE) extension to the authorization code flow in the OIDC plugin?
The OIDC plugin supports PKCE out of the box, so you don’t need to configure anything.
When config.auth_methods is set to authorization_code, the plugin sends the required code_challenge parameter automatically with the authorization code flow request.
If the IdP connected to the plugin enforces PKCE, it will be used during the authorization code flow. If the IdP doesn’t support or enforce PKCE, it won’t be used.