fix: re-enable PKCE by default

Signed-off-by: Edward Ly <[email protected]>
nextcloud · Oct 6, 2024 · 73d606d · 73d606d
1 parent a3f3fb5
commit 73d606d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -88,10 +88,10 @@ sudo -u www-data php var/www/nextcloud/occ config:app:set --value=0 user_oidc al
 
 This app supports PKCE (Proof Key for Code Exchange).
 https://datatracker.ietf.org/doc/html/rfc7636
-It is disabled by default and can be enabled in `config.php`:
+It is enabled by default, but can be disabled in `config.php`:
 ``` php
 'user_oidc' => [
-    'use_pkce' => true,
+    'use_pkce' => false,
 ],
 ```
 

diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
@@ -232,7 +232,7 @@ public function login(int $providerId, ?string $redirectUrl = null) {
 		$this->session->set(self::NONCE, $nonce);
 
 		$oidcSystemConfig = $this->config->getSystemValue('user_oidc', []);
-		$isPkceEnabled = isset($oidcSystemConfig['use_pkce']) && $oidcSystemConfig['use_pkce'];
+		$isPkceEnabled = $oidcSystemConfig['use_pkce'] ?? true;
 		if ($isPkceEnabled) {
 			// PKCE code_challenge see https://datatracker.ietf.org/doc/html/rfc7636
 			$code_verifier = $this->random->generate(128, ISecureRandom::CHAR_DIGITS . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER);
@@ -396,7 +396,7 @@ public function code(string $state = '', string $code = '', string $scope = '',
 		}
 
 		$oidcSystemConfig = $this->config->getSystemValue('user_oidc', []);
-		$isPkceEnabled = isset($oidcSystemConfig['use_pkce']) && $oidcSystemConfig['use_pkce'];
+		$isPkceEnabled = $oidcSystemConfig['use_pkce'] ?? true;
 
 		$discovery = $this->discoveryService->obtainDiscovery($provider);