Federation docs for OIDC recommend implicit grant
Bug #2027729 reported by
Kristi Nikolla
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Triaged
|
Undecided
|
Unassigned |
Bug Description
The documentation for setting up OIDC says to use id_token in OIDCResponseType instead of code (or omitting the line entirely since code is the default).
Using implicit grant is not recommended as https:/
What is recommended is Authorization Code with PKCE.
To post a comment you must log in.
Hello
Does Keystone currently support OIDC auth via Authorization Code with PKCE? I cannot find any documentation for configuring it. I'd like to use the openstack cli without specifying a client secret as we cannot distribute that secret to all users