PKCE support for OAuth2 for Keycloak missing #1721

@wilkejo

Issue submitter TODO list

  • I've looked up my issue in FAQ
  • I've searched for already existing issues here
  • I've tried running main-labeled docker image and the issue still persists there
  • I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

I tried to set up an OAuth2 integration with Keycloak and wasn't able to log in.
After discussion with our IDP Team I got the feedback that PKCE is missing in the request.

Expected behavior

The OAuth2 integration should use PKCE and send a code_challenge_method (or the documentation needs to state how to configure it).

Your installation details

  1. App Version: dfa5a7e v1.4.2
  2. 1.6.0
  3. App Config (relevant part)
 yamlApplicationConfig:
      dynamic.config.enabled: true
      auth:
        type: OAUTH2
        oauth2:
          client:
            keycloak:
              clientId: REDACTED
              clientSecret: ${KEYCLOAK_CLIENT_SECRET}
              scope: openid
              issuer-uri: REDACTED
              user-name-attribute: name
              client-name: REDACTED (same as clientID)
              provider: keycloak
              authorization-grant-type: authorization_code
              client-authentication-method: none
              custom-params:
                type: oauth
                roles-field: roles

      logging:
        level:
          root: info # trace,debug, info, warn, error. default: info
          io.kafbat.ui.service.rbac: TRACE

Steps to reproduce

  • configure a confidential Keycloak client
  • set up OAuth2 as described in the documentation / see above in app config
  • try to log in

Screenshots

No response

Logs

login/oauth2/code/keycloak?error=invalid_request&error_description=Missing+parameter%3A+code_challenge_method

Additional context

No response
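
Added example, not part of the original issue and not kafbat-ui code: a small diagnostic that derives a PKCE pair as RFC 7636 defines it, checks whether an authorization request carries `code_challenge` and `code_challenge_method`, and decodes the error redirect shown under Logs. The IdP host, realm, client id and redirect host are constructed placeholders, and treating `S256` as the required method is an assumption about the IdP client policy.

```python
import base64, hashlib, secrets
from urllib.parse import urlsplit, parse_qs, urlencode

def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for the S256 method of RFC 7636."""
    if verifier is None:
        # 32 random octets give a 43-character base64url verifier
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge

def pkce_problems(authorization_url):
    """List what is wrong with the PKCE parameters of an authorization request."""
    q = parse_qs(urlsplit(authorization_url).query)
    problems = []
    if "code_challenge" not in q:
        problems.append("missing code_challenge")
    method = q.get("code_challenge_method", [None])[0]
    if method is None:
        problems.append("missing code_challenge_method")
    elif method != "S256":  # assumption: the IdP client policy requires S256
        problems.append(f"code_challenge_method is {method!r}, expected 'S256'")
    return problems

def callback_error(callback_url):
    """Extract (error, error_description) from the redirect back to the client."""
    q = parse_qs(urlsplit(callback_url).query)
    return q.get("error", [None])[0], q.get("error_description", [None])[0]

# Constructed sample data: hypothetical IdP host, realm, client id and UI host.
AUTH_ENDPOINT = "https://idp.example.test/realms/demo/protocol/openid-connect/auth"
BASE = {"response_type": "code", "client_id": "demo-client", "scope": "openid",
        "redirect_uri": "https://ui.example.test/login/oauth2/code/keycloak",
        "state": "constructed-state"}

def build_request(with_pkce):
    """Build an authorization URL; return (url, code_verifier or None)."""
    params, verifier = dict(BASE), None
    if with_pkce:
        verifier, challenge = make_pkce_pair()
        params.update(code_challenge=challenge, code_challenge_method="S256")
    return AUTH_ENDPOINT + "?" + urlencode(params), verifier

if __name__ == "__main__":
    print(pkce_problems(build_request(False)[0]))   # request as the IdP rejected it
    print(pkce_problems(build_request(True)[0]))    # request carrying PKCE
    print(callback_error("login/oauth2/code/keycloak?error=invalid_request"
                         "&error_description=Missing+parameter%3A+code_challenge_method"))
```

The `code_verifier` returned by `build_request(True)` is what the client must keep and send with the token request so the IdP can recompute the challenge.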
