Cannot generate PKCE secret
Hello,
I had some discussion with the Forgejo community while trying to enable PKCE on it; however, they told me that you technically should have a secret while using PKCE, which is not possible to generate in Zitadel with the PKCE framework.
https://codeberg.org/forgejo/forgejo/issues/6014
https://oauth.net/2/pkce/
It seems technically possible by temporarily converting your app to a regular Code application and then converting it back to a PKCE one? Or just use Code, and an app supporting PKCE should try to use it?
I'm a bit lost on that specific topic, and what makes it even more confusing is that Zitadel recommends using PKCE, but the fact that there is no client_secret might make it less secure in certain use cases.
Codeberg.org
As was tracked by #2766, forgejo supports using PKCE as an OpenID Connect client. However, when utilizing PKCE a client secret is not actually required. Thus, the client secret field should be optional instead of re...
