[keycloak-dev] PKCE in keycloak-servlet-oauth-client does not work

Stian Thorgersen sthorger at redhat.com
Fri Mar 8 02:26:05 EST 2019


I'm not sure what use-cases servlet-oauth-client aims to cover and I'm not
sure why we have it in the first place. It's not documented nor is it well
tested as far as I can tell.

On Fri, 8 Mar 2019 at 03:26, 乗松隆志 / NORIMATSU,TAKASHI <
takashi.norimatsu.ws at hitachi.com> wrote:

> Hello,
>
> I had contributed server side PKCE (RFC 7636 Proof Key for Code Exchange)
> support for keycloak and merged.
> At that time, I had also implemented client side PKCE in servlet oauth
> client to demonstrate how PKCE works.
>
> However, it seemed that I had pushed servlet oauth client codes that did
> not work instead of ones used in my local environment.
> Therefore, client side PKCE in servlet oauth client does not work.
>
> I've already known how to fix it, but it is difficult to write Arquillian
> integration tests.
>
> I've searched existing Arquillian integration tests for servlet oauth
> client but not found.
>
> Could anyone help me?
>
> Best regards,
> Takashi Norimatsu
> Hitachi Ltd.,
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list