I've found it was merged. Thank you very much!
From: keycloak-dev-bounces(a)lists.jboss.org [mailto:email@example.com]
On Behalf Of 乗松隆志 / NORIMATSU，TAKASHI
Sent: Monday, April 03, 2017 4:17 PM
Subject: [!]Re: [keycloak-dev] Proposal of RFC7636 (PKCE) support
What about the status of the PR?
There was two PRs about PKCE, but it is now only one PR(above).
I found that 3.x label is removed, and I am afraid that priority was set low.
However, this patch is very important for keycloak to be competitive.
And I wish the review will be resumed soon.
If there is any issue, please tell me, I am willing to work.
Following is background information why PKCE is necessary:
In the financial API draft of OIDF,
It requires RFC7636.
5.2.2. Authorization Server
The Authorization Server
shall support [RFC7636] with S256 as the code challenge method;
In addition, other competing products supports it.
* Gluu server supports it:
Support for PKCE to protect authorization code
* WSO2 supports it
Configuring PKCE with WSO2 Identity Server
* CA supports it
Proof Key for Code Exchange (PKCE) is supported for enhanced
authorization code security.
keycloak-dev mailing list