[keycloak-dev] Proposal of RFC7636 (PKCE) support

乗松隆志 / NORIMATSU,TAKASHI takashi.norimatsu.ws at hitachi.com
Mon Apr 3 03:16:40 EDT 2017


What about the status of the PR?
There was two PRs about PKCE, but it is now only one PR(above).

I found that 3.x label is removed, and I am afraid that priority was set low.
However, this patch is very important for keycloak to be competitive.
And I wish the review will be resumed soon.
If there is any issue, please tell me, I am willing to work.

Following is background information why PKCE is necessary: 

In the financial API draft of OIDF, 
It requires RFC7636.
>5.2.2.  Authorization Server
>The Authorization Server
>  shall support [RFC7636] with S256 as the code challenge method;

In addition, other competing products supports it.
* Gluu server supports it:
 > Support for PKCE to protect authorization code

* WSO2 supports it
 >Configuring PKCE with WSO2 Identity Server

* CA supports it
> Proof Key for Code Exchange (PKCE) is supported for enhanced authorization code security.

Takashi Norimatsu

More information about the keycloak-dev mailing list