diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
index 0485e3f..67b58d8 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
@@ -69,6 +69,9 @@ public class OIDCWellKnownProvider implements WellKnownProvider {
// TODO: Add more of OIDC scopes
public static final List<String> SCOPES_SUPPORTED= list(OAuth2Constants.SCOPE_OPENID, OAuth2Constants.OFFLINE_ACCESS);
+ // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
+ public static final List<String> DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED = list(OAuth2Constants.PKCE_METHOD_PLAIN, OAuth2Constants.PKCE_METHOD_S256);
+
private KeycloakSession session;
public OIDCWellKnownProvider(KeycloakSession session) {
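Review bot: `DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED` lists `plain` ahead of `S256` and has no comment explaining why `plain` is advertised at all. RFC 7636 makes `S256` the method clients should use and keeps `plain` only for clients that cannot compute SHA-256, because with `plain` the challenge sent in the authorization request is the verifier itself. I would put `S256` first and add a comment such as `// plain is advertised for compatibility only; S256 is the recommended method (RFC 7636, section 4.2)`. The constant is also public, and if `list(...)` (defined outside this hunk) returns a mutable list, any caller could change what the discovery document advertises; wrapping it in `Collections.unmodifiableList(...)` would rule that out.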
@@ -113,6 +116,9 @@ public class OIDCWellKnownProvider implements WellKnownProvider {
config.setRequestParameterSupported(true);
config.setRequestUriParameterSupported(true);
+ // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
+ config.setCodeChallengeMethodsSupported(DEFAULT_CODE_CHALLENGE_METHODS_SUPPORTED);
+
return config;
}
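Review bot: The advertised methods come from a fixed constant, not from whatever the authorization and token endpoints actually accept, so the metadata can drift from enforcement. If PKCE handling is later restricted, for example to `S256` only for a realm or client, this line would still announce `plain` unless someone remembers to update it. A comment pointing at the validation code would help, e.g. `// keep in sync with the code_challenge_method values accepted by the authorization endpoint`. The enclosing method starts outside the hunk, so I cannot see whether other entries in the document are built the same way.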
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java b/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java
index cb94c1c..0afa7e4 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java
@@ -103,6 +103,10 @@ public class OIDCConfigurationRepresentation {
@JsonProperty("request_uri_parameter_supported")
private Boolean requestUriParameterSupported;
+ // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
+ @JsonProperty("code_challenge_methods_supported")
+ private List<String> codeChallengeMethodsSupported;
+
protected Map<String, Object> otherClaims = new HashMap<String, Object>();
public String getIssuer() {
@@ -297,6 +301,14 @@ public class OIDCConfigurationRepresentation {
this.requestUriParameterSupported = requestUriParameterSupported;
}
+ // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
+ public List<String> getCodeChallengeMethodsSupported() {
+ return codeChallengeMethodsSupported;
+ }
+ public void setCodeChallengeMethodsSupported(List<String> codeChallengeMethodsSupported) {
+ this.codeChallengeMethodsSupported = codeChallengeMethodsSupported;
+ }
+
@JsonAnyGetter
public Map<String, Object> getOtherClaims() {
return otherClaims;
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
index 8815498..0f13361 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
@@ -119,6 +119,10 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
// Request and Request_Uri
Assert.assertTrue(oidcConfig.getRequestParameterSupported());
Assert.assertTrue(oidcConfig.getRequestUriParameterSupported());
+
+ // KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange
+ // PKCE support
+ Assert.assertNames(oidcConfig.getCodeChallengeMethodsSupported(), OAuth2Constants.PKCE_METHOD_PLAIN, OAuth2Constants.PKCE_METHOD_S256);
} finally {
client.close();
}
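Review bot: The new assertion compares against `OAuth2Constants.PKCE_METHOD_PLAIN` and `OAuth2Constants.PKCE_METHOD_S256`, the same constants the provider uses to build the list, so it cannot catch a wrong value in those constants. The strings in `code_challenge_methods_supported` are fixed by RFC 7636 (`plain` and `S256`, case-sensitive) and clients match on them exactly. Asserting the literals would pin the wire format: `Assert.assertNames(oidcConfig.getCodeChallengeMethodsSupported(), "plain", "S256");`. The test method begins outside this hunk.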