You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Keycloak accepts the the code challenge method "S256" (it is part of a drop down menu) but it seems like supabase has hardcoded it's challenge method to "s256"
So when a login is attempted Keycloak throws
PKCE enforced Client without code challenge method.
I was able to kinda work around this by exporting my realm and modifying the value in json to be "s256" which allowed my Keycloak server to accept the request, but then I got "CODE_TO_TOKEN_ERROR" on the keycloak side and 400 Bad Request\nResponse: {\"error\":\"invalid_grant on the auth side. Because I assume that keycloak does not know how to handle the token.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Set up Keycloak/Auth (I did using an operator on a Kubernetes environment)
Authorize with SSO
Expected behavior
Happy path login
Screenshots
System information
Openshift 4.15
Additional context
It would be great if it used the .well-known/openid-configuration path to pull this information but I understand that would be a big ask.
Secondarily an it would be nice if there was an easy workaround that would just send the method with a capital s.
Also having a hard time finding the documentation on how to enable the plain workflow, that would at least give me a workaround for now.
The text was updated successfully, but these errors were encountered:
Bug report
Describe the bug
Keycloak accepts the the code challenge method "S256" (it is part of a drop down menu) but it seems like supabase has hardcoded it's challenge method to "s256"
So when a login is attempted Keycloak throws
PKCE enforced Client without code challenge method.
I was able to kinda work around this by exporting my realm and modifying the value in json to be "s256" which allowed my Keycloak server to accept the request, but then I got "CODE_TO_TOKEN_ERROR" on the keycloak side and
400 Bad Request\nResponse: {\"error\":\"invalid_grant
on the auth side. Because I assume that keycloak does not know how to handle the token.To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Expected behavior
Happy path login
Screenshots
System information
Openshift 4.15
Additional context
It would be great if it used the
.well-known/openid-configuration
path to pull this information but I understand that would be a big ask.Secondarily an it would be nice if there was an easy workaround that would just send the method with a capital
s
.Also having a hard time finding the documentation on how to enable the plain workflow, that would at least give me a workaround for now.
The text was updated successfully, but these errors were encountered: