diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java index 0485e3f11d..67b58d88f5 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java @@ -69,6 +69,9 @@ public class OIDCWellKnownProvider implements WellKnownProvider { // TODO: Add more of OIDC scopes public static final List SCOPES_SUPPORTED= list(OAuth2Constants.SCOPE_OPENID, OAuth2Constants.OFFLINE_ACCESS); + // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange + public static final List DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED = list(OAuth2Constants.PKCE_METHOD_PLAIN, OAuth2Constants.PKCE_METHOD_S256); + private KeycloakSession session; public OIDCWellKnownProvider(KeycloakSession session) { @@ -113,6 +116,9 @@ public class OIDCWellKnownProvider implements WellKnownProvider { config.setRequestParameterSupported(true); config.setRequestUriParameterSupported(true); + // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange + config.setCodeChallengeMethodsSupported(DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED); + return config; } diff --git a/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java b/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java index cb94c1cab0..0afa7e4816 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java 
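Review bot: `DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED` puts `PKCE_METHOD_PLAIN` ahead of `PKCE_METHOD_S256`, so a client that simply takes the first advertised entry ends up on the transform where the challenge is the verifier itself, which protects nothing once the authorization request has been observed. RFC 7636 requires clients to use S256 whenever they are able to, so I would declare it as `list(OAuth2Constants.PKCE_METHOD_S256, OAuth2Constants.PKCE_METHOD_PLAIN)` and state in the comment that `plain` is listed only because the server still accepts it. The constant is also `public static`; if `list(...)` (defined outside this hunk) returns a modifiable list, any caller can change what every discovery response advertises, and wrapping it in `Collections.unmodifiableList(...)` would prevent that. If `assertNames` in OIDCWellKnownProviderTest is order-sensitive, its expected values need the same order.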
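Review bot: The list published by `config.setCodeChallengeMethodsSupported(DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED)` is a compile-time constant, and nothing visible in this hunk ties it to the `code_challenge_method` values the authorization endpoint actually accepts. If the accepted set ever changes or becomes configurable per realm or client, the discovery document would keep advertising both methods regardless. A comment at this call such as `// must match the code_challenge_method values the authorization endpoint accepts` would make that coupling explicit. The enclosing method starts outside the hunk.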
@@ -103,6 +103,10 @@ public class OIDCConfigurationRepresentation { @JsonProperty("request_uri_parameter_supported") private Boolean requestUriParameterSupported; + // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange + @JsonProperty("code_challenge_methods_supported") + private List codeChallengeMethodsSupported; + protected Map otherClaims = new HashMap(); public String getIssuer() { @@ -297,6 +301,14 @@ public class OIDCConfigurationRepresentation { this.requestUriParameterSupported = requestUriParameterSupported; } + // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange + public List getCodeChallengeMethodsSupported() { + return codeChallengeMethodsSupported; + } + public void setCodeChallengeMethodsSupported(List codeChallengeMethodsSupported) { + this.codeChallengeMethodsSupported = codeChallengeMethodsSupported; + } + @JsonAnyGetter public Map getOtherClaims() { return otherClaims; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java index 88154987f2..0f13361f62 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java 
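Review bot: The comment on `codeChallengeMethodsSupported` names only the ticket, so a reader cannot tell what a null value means. RFC 8414 defines `code_challenge_methods_supported` as optional and says that when it is omitted the authorization server does not support PKCE. I would document the field as `// RFC 8414 code_challenge_methods_supported; null = not advertised, treat as no PKCE support`. Whether a null field is left out of the serialized document depends on Jackson settings on the class, which are outside this hunk.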
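Review bot: `setCodeChallengeMethodsSupported` keeps the caller's list by reference and `getCodeChallengeMethodsSupported` returns that same instance, so the list is shared with whoever supplied it. The provider passes in its public static default, so either the getter should carry a Javadoc line saying the returned list must not be modified, or the setter should copy: `this.codeChallengeMethodsSupported = codeChallengeMethodsSupported == null ? null : new ArrayList<>(codeChallengeMethodsSupported);` (which needs `java.util.ArrayList`). If the other list setters in this class do not copy either, the Javadoc line is the lighter and more consistent option. The setter also follows the getter's closing brace without a blank line.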
@@ -119,6 +119,10 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
 // Request and Request_Uri
 Assert.assertTrue(oidcConfig.getRequestParameterSupported());
 Assert.assertTrue(oidcConfig.getRequestUriParameterSupported());
+
+ // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
+ // PKCE support
+ Assert.assertNames(oidcConfig.getCodeChallengeMethodsSupported(), OAuth2Constants.PKCE_METHOD_PLAIN, OAuth2Constants.PKCE_METHOD_S256);
 } finally {
 client.close();
 }