Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,444 questions
Any updated on above concern.
Is window Server 2019 support PKCE flow?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 82%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Amit Singh
1
Reputation point
Hi MS Team,
I setup new ADFS (Window server 2019) and as per below document link it should support PKCE:
but after successfully setup when I look .well-know openid-configuration, that configuration look like Implicitly flow.
because "code_challenge_methods_supported" was not present
and as per PKEC guideline and instruction, to support PKCE code_challenge_methods_supported should plain or S256.
is there any other way to enable PKCE after setup or is there any document that give step by step to setup ADFS that support PKCE?
Few point may help:
- I have experience to setup ADFS so it's not first time I am doing.
- New ADFS we need that should support PKCE flow.
Thanks,
Amit Kumar
2 answers
Sort by: Most helpful
-
-
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee2022-04-20T21:56:27.993+00:00 The documentation says it is implemented. Have you try using it and it did not work?
Or does the code of your application rely on the code_challenge_methods_supported to go forward with the flow?
Cause theMicrosoft.IdentityServer.Web.Protocols.OAuth.OAuthAuthorizationnamespace has theCodeChallengeMethodenum defined withPlainandS256.I'll inquire to see if there are known issues with it.
-
Amit Singh 1 Reputation point
2022-04-21T05:30:37.03+00:00 The documentation says it is implemented. Have you try using it and it did not work?
Yes, after installation when I look ".well-known/openid-configuration" code_challenge_methods_supported was not present.Or does the code of your application rely on the code_challenge_methods_supported to go forward with the flow?
To support PKCE flow code_challenge_methods_supported is required properites.Is there power shell command to verify?
-
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
2022-04-21T12:43:50.133+00:00 I meant, have you try to actualy use the flow as opposed as just checking the well-known endpoint? I thought PKCE was an OAuth feature, and although it is probably a good idea to have the feature listed in discovery and info endpoints of OIDC, I didn't think it would be mandatory for an app to check if it is there to actually use it. The flow itself doesn't use the well-known endpoint.
Sign in to comment -