Add note about PKCE to KeycloakInstalled adapter documentation

Thomas Darimont 2019-07-02 09:21:49 +02:00 committed by Marek Posolda
parent 009af1e1a3
commit d58d4f62bd

@ -57,9 +57,9 @@ The `KeycloakInstalled` adapter provides support for renewal of stale tokens.
The application needs to be configured as a `public` OpenID Connect client with The application needs to be configured as a `public` OpenID Connect client with
`Standard Flow Enabled` and pass:[http://localhost:*] as an allowed `Valid Redirect URI`. `Standard Flow Enabled` and pass:[http://localhost:*] as an allowed `Valid Redirect URI`.
TIP: The `KeycloakInstalled` adapter supports the `PKCE` mechanism to provide additional protection during TIP: The `KeycloakInstalled` adapter supports the `PKCE` [RFC 7636] mechanism to provide additional protection during
code to token exchanges in the `OIDC` protocol. PKCE can be enabled with the `"enable-pkce": true` setting code to token exchanges in the `OIDC` protocol. PKCE can be enabled with the `"enable-pkce": true` setting
in the adapter configuration. Enabling PKCE is highly recommended. in the adapter configuration. Enabling PKCE is highly recommended, to avoid code injection and code replay attacks.
===== Usage ===== Usage
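Review bot: In the changed TIP line, `[RFC 7636]` is bare bracketed text, so it renders literally and gives the reader nothing to follow; make it an AsciiDoc link such as `link:https://tools.ietf.org/html/rfc7636[RFC 7636]`. In the last changed sentence, "code injection" can be read as generic code injection rather than an OAuth attack, so spell it out as "authorization code injection and authorization code replay attacks" and drop the comma before "to avoid". Because the context lines above require a `public` client with `http://localhost:*` as a valid redirect URI, the tip should also state explicitly what `enable-pkce` defaults to; as written it only says that PKCE "can be enabled".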