PKCE / Code challenge with OAuth2 #4401
Replies: 1 comment 2 replies
-
|
Take a look at this |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, correct but this is the spring documentation, unfortunately we are not going the road to fork or deep custom kafka-ui. Either this is a feature missing, a wish to not support it out of the box, or we missed something somewhere, is more the answer we were looking for. In the best world we would try to offer a PR about this but unfortunately it would be with substantial delay as we are currently under water. Again thanks for the quick response. |
Beta Was this translation helpful? Give feedback.
-
|
I would not expect this implemented any time soon, considering this |
Beta Was this translation helpful? Give feedback.
-
Hi,
We are trying to use an oauth2 server to secure the access to kafka-ui but unfortunately, the authorize flow does not take into consideration doing the code_challenge part (PKCE).
Usually it ends by having somewhere in the java code
.requireProofKey(true)but we did not find any references to that.We tried some out of blue property within the config.yml files under the oauth2 client properties without any luck.
Is there any way to enable this through the config file or env? Sadly we cannot disable PKCE at all for security reason.
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions