Skip to content

Add PKCE support for OIDC #292

New issue
New issue
Open
Open
Add PKCE support for OIDC#292
Labels
confirmedBug has been confirmed, or feature is on the roadmap.featureNew feature or requestgood first issueGood for newcomers
@CEbbinghaus

Description

@CEbbinghaus
CEbbinghaus
opened on Nov 25, 2025

Most OIDC clients support PKCE (rfc7636) for the OIDC authentication. It not only allows for secret-less auth (which would be required if we wanted to authenticate the client application directly) but also strengthens the auth provided by the server.

Almost every single modern ODIC Provider supports PKCE and some even enforce it as a standard (such as kanidm) so there is really no downside, only additional security

Metadata

Metadata

Assignees

No one assigned

    Labels

    confirmedBug has been confirmed, or feature is on the roadmap.featureNew feature or requestgood first issueGood for newcomers

    Type

    No type

    Projects

    Drop developer planning

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions