Postal
OIDC PKCE support #3021
Replies: 4 comments 1 reply
-
|
Referring to https://github.com/postalserver/postal/blob/main/config/initializers/omniauth.rb and https://github.com/omniauth/omniauth_openid_connect?tab=readme-ov-file#options-overview I think this could be specified by you modifying omniauth.rb to support your particular use case, replacing the It looks like omniauth handles everything for you so having a look at the rest of #2873, it seems like you only need to change that one file. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, i got it working. Would be good if there was a fyi for anyone i created an example for kanidm: |
Beta Was this translation helpful? Give feedback.
-
|
glad you figured it out, feel free to make a PR if you know what code changes are required, I think there are a couple of other open ones if you needed a reference for adding more config options |
Beta Was this translation helpful? Give feedback.
-
|
Done, first time creating a PR #3130 with this much change. But i have tested it with env and config file on kanidm and it works. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, did my PR get accepted ? |
Beta Was this translation helpful? Give feedback.
-
Hi, i recently was trying too get postal server oidc to work with kanidm. With Kanidm's strict security with oauth2 it requires PKCE . Is this going to be implemented ? Please see link for reasoning.
Reason for PKCE:
https://kanidm.github.io/kanidm/master/frequently_asked_questions.html#oauth2)
https://oauth.net/2/pkce/
Beta Was this translation helpful? Give feedback.
All reactions