Skip to content

OIDC PKCE support #16657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Aug 4, 2025
Merged

OIDC PKCE support #16657

merged 12 commits into from
Aug 4, 2025

Conversation

mike12345567
Copy link
Collaborator

Description

This PR adds support for PKCE (https://oauth.net/2/pkce/) for code word challenges into the OIDC SSO flow.

I have added a new container to the worker test suite: https://github.com/dexidp/dex

This allows us to run an IDP which we can connect to with OIDC and confirm the validation flow properly.

The new integration test walks through a basic OIDC SSO login and confirms the token flows using the PKCE strategy.

Screenshots

image

Adds a new section to the OIDC configuration page to apply the PKCE challenge option (plain or S256).

@mike12345567 mike12345567 self-assigned this Jul 31, 2025
@mike12345567 mike12345567 requested a review from a team as a code owner July 31, 2025 16:27
@mike12345567 mike12345567 requested review from adrinr and removed request for a team July 31, 2025 16:27
@qa-wolf QA Wolf
Copy link

qa-wolf bot commented Jul 31, 2025

QA Wolf here! As you write new code it's important that your test coverage is keeping up.
Click here to request test coverage for this PR!

@github-actions github-actions bot added firestorm Data/Infra/Revenue Team size/l labels Jul 31, 2025
shogunpurple
shogunpurple approved these changes Aug 1, 2025
View reviewed changes
Copy link
Member

@shogunpurple shogunpurple left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually pretty awesome how passport made this simpler than it seemed. Great test suite, covers all the functionality well 👍

shogunpurple
shogunpurple reviewed Aug 1, 2025
View reviewed changes
Copy link
Member

@shogunpurple shogunpurple left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only thing I would say - should we flag this behind enterprise?

@mike12345567 mike12345567 enabled auto-merge August 4, 2025 12:12
@mike12345567 mike12345567 merged commit 9af2bf1 into master Aug 4, 2025
30 checks passed
@mike12345567 mike12345567 deleted the feature/oidc-pkce-support branch August 4, 2025 12:23
@github-actions github-actions bot locked and limited conversation to collaborators Aug 4, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@shogunpurple shogunpurple shogunpurple approved these changes

@adrinr adrinr adrinr approved these changes

Assignees

@mike12345567 mike12345567

Labels
firestorm Data/Infra/Revenue Team size/l
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mike12345567 @shogunpurple @adrinr