- Type: Improvement
- Status: Open
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: 2023.0
- Fix Version/s: None
- Component/s: Open Id
- Tags:
- Team: PLATFORM
Some OpenID providers are expecting a code_challenge but Nuxeo does not provide this information in the HTTP call. It produces this error in the OpenID logs:
HTTP 302 Invalid request of ticket : code_challenge
This is due to the fact that PKCE is not implemented in the Auth code flow generated by Nuxeo.
It could be done by calling the enablePKCE() method when building the AuthorizationCodeFlow object in NuxeoOAuth2ServiceProvider#getAuthorizationCodeFlow.
Ideally, calling this method would be controlled by a new property on the corresponding description: OAuth2ServiceProviderDescriptor
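For reference, the sketch below shows what the missing code_challenge parameter is and how a provider checks it at the token endpoint, following the S256 method of RFC 7636. It is an added example, not Nuxeo code or the library's implementation; the class name, host names, client_id and redirect_uri are constructed placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class PkceExample {

    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    /** Client side: 32 random bytes become a 43-character base64url code_verifier. */
    static String newCodeVerifier() {
        byte[] random = new byte[32];
        new SecureRandom().nextBytes(random);
        return B64URL.encodeToString(random);
    }

    /** S256 transform: BASE64URL(SHA-256(ASCII(code_verifier))), without padding. */
    static String s256Challenge(String codeVerifier) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    /** Provider side at the token endpoint: recompute the challenge, compare in constant time. */
    static boolean providerAccepts(String storedChallenge, String presentedVerifier)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                storedChallenge.getBytes(StandardCharsets.US_ASCII),
                s256Challenge(presentedVerifier).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Known-answer check input: the code_verifier from RFC 7636, Appendix B.
        String rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        System.out.println("RFC vector challenge: " + s256Challenge(rfcVerifier));

        String verifier = newCodeVerifier();          // kept by the client until the token request
        String challenge = s256Challenge(verifier);   // sent with the authorization request
        // Constructed authorization request; host, client_id and redirect_uri are placeholders.
        String authUrl = "https://idp.example.com/authorize?response_type=code"
                + "&client_id=nuxeo-client&redirect_uri=https%3A%2F%2Fnuxeo.example.com%2Fcallback"
                + "&code_challenge=" + challenge + "&code_challenge_method=S256";
        System.out.println(authUrl);
        System.out.println("matching verifier accepted: " + providerAccepts(challenge, verifier));
        System.out.println("other verifier accepted:    " + providerAccepts(challenge, newCodeVerifier()));
    }
}
```

A provider that enforces PKCE rejects the authorization request when code_challenge is absent, which matches the error quoted in the ticket.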