Does OIDC plugin support adding random string a code challange in authorize call for IDP that support clients for authorization flow with PKCE?
We are using a confidential client with client id and client secret for OIDC plugin; however the client for react app is public client that uses PKCE. We observed that kong-oidc during 302 redirection creates a location that UI needs to invoke; however, since the code_challenge is missing from /authorize call, the IDP will fail the request with 400 bad request
Hello,
Does OIDC plugin support adding random string a code challange in authorize call for IDP that support clients for authorization flow with PKCE?
We are using a confidential client with client id and client secret for OIDC plugin; however the client for react app is public client that uses PKCE. We observed that kong-oidc during 302 redirection creates a location that UI needs to invoke; however, since the code_challenge is missing from /authorize call, the IDP will fail the request with 400 bad request