Closed eidottermihi closed 2 years ago
@tadayosi do you have an ETA when this will be included in a new release?
Thanks for the heads-up. Just published https://github.com/hawtio/hawtio-oauth/releases/tag/v4.13.13. Downstream releases will follow soon.
The security policies of my company require the usage of PKCE for public clients.
According to the (latest) Keycloak docs, this can be enforced by setting
pkceMethod
as an init option for the Keycloak JS Adapter: https://www.keycloak.org/docs/latest/securing_apps/#methodsI've been looking through the code and found the Keycloak JS adapter initialization here:
https://github.com/hawtio/hawtio-oauth/blob/876c19088eef59d999a37ad636941b70ee2aced0/plugins/keycloak/keycloak.module.ts#L113
It would be nice if the current hardcoded
init
-Options could be extended or overwritten, for example to set a specificpkceMethod
(e.g.-Dhawtio.keycloak.pkceMethod=S256
).I'm not quite sure if this would require a version bump for keycloak-js too (currently on
^3.4.3
).