Optional PKCE #783
Labels
question
Further information is requested
Comments
|
The Authorization Code Grant code path is using PKCE, there is no alternative code path in the library, which can be enabled. This library focuses on OAuth 2.1, which says:
That said, we might should improve the migration docu, which seems outdated... |
|
Ok. got it. So maybe it is a good idea to change the migration.md description? It clearly says "PKCE remains optional" |
|
would be great if you make a merge request and fix that in the documentation! |
Moshyfawn
pushed a commit
to Moshyfawn/oidc-client-ts
that referenced
this issue
Dec 2, 2022
2 tasks
|
Is #789 enough to explain the |
dbfr3qs
pushed a commit
to dbfr3qs/oidc-client-ts
that referenced
this issue
Apr 3, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As stated on the migration document (https://github.com/authts/oidc-client-ts/blob/main/docs/migration.md) PKCE should be optional even when using code type.
How to config oidc-client-ts to not send code_challenge, code_challenge_method, etc. to the identity server?
Tried to set code_verifier to false but it didn't make any difference.
Thanks in advance.
See also: IdentityModel/oidc-client-js#1360
The text was updated successfully, but these errors were encountered: