- Red Hat Single Sign-On (RH-SSO)
- Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)
- Does RH-SSO support Proof Key for Code Exchange by OAuth Public Clients (RFC 7636)?
- What level of support for Proof Key for Code Exchange (PKCE) is available in RH-SSO?
- Securing Web Applications with RH-SSO using OAuth 2.0 Authorization Code Flow and PKCE
Starting from the 7.2.0 release, RH-SSO supports Proof Key for Code Exchange by OAuth Public Clients on the server side.
For further details, refer to the KB article: Support for PKCE (Proof Key for Code Exchange) in RH-SSO.
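What server-side PKCE support means at the token endpoint, as an added example in Python (not RH-SSO or Keycloak code): the authorization server keeps the `code_challenge` sent with the authorization request and later checks the `code_verifier` against it, per RFC 7636 sections 4.1 to 4.6. The function names and the `allow_plain` switch are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")


def b64url_nopad(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Client side: 32 random bytes give a 43-character verifier."""
    return b64url_nopad(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    """Client side: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge, stored_method, presented_verifier,
                allow_plain=False) -> bool:
    """Server side: token-endpoint check of section 4.6.

    stored_challenge and stored_method are what the server bound to the
    authorization code; presented_verifier arrives with the token request.
    """
    if not stored_challenge:
        # No challenge was bound to this code: a PKCE-required client fails.
        return False
    if not presented_verifier or not VERIFIER_RE.fullmatch(presented_verifier):
        return False
    method = stored_method or "plain"  # RFC default when the method is omitted
    if method == "S256":
        computed = s256_challenge(presented_verifier)
    elif method == "plain" and allow_plain:
        computed = presented_verifier
    else:
        return False
    # Constant-time comparison of the two ASCII strings.
    return hmac.compare_digest(computed, stored_challenge)
```

With `allow_plain` left at `False`, a request that omitted `code_challenge_method` (and so defaults to `plain`) is rejected, which matches deployments that require S256.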
Note that RFC 7636 is part of the Financial Services – Financial API, which consists of the following parts:
- Part 1: Read-Only API Security Profile
- Part 2: Read and Write API Security Profile
- Part 3: Open Data API
- Part 4: Protected Data API and Schema - Read-Only
- Part 5: Protected Data API and Schema - Read and Write
There is a feature request, KEYCLOAK-6767, for Keycloak/RH-SSO to fully implement and support the full Financial API (FAPI) Security Profiles in a future release.