@missourian55 I'd like to clarify: we can't do anything around making sure the tokens acquired by the SPA scripts or public clients use PKCE, as the Quarkus OIDC adapter does not control the code flow for these types of clients. We can only get PKCE applied to the code flow run for Quarkus web-app applications.
Description
For SPA & Native apps (public clients), this is the recommended way to implement the Authorization code flow.
Implementation ideas
Some of the reference materials I looked into are:
https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce
https://dzone.com/articles/securing-web-apps-using-pkce-with-spring-boot
https://www.stefaanlippens.net/oauth-code-flow-pkce.html