Feature Request: OAUTH2 PKCE needed

[maquejp]

Hello,
We are trying to implement oauth2 authentication against a in-house authentication server.
The issue is that they request to have PKCE (Code Challenge) to access the request. So we receive a Invalid request: Missing CodeChallenge (PKC2 - RFC 7636)
Can you confirm that it is not actually the case with the osTicket plugin?
Do you plan to implement it anytime soon?
Best regards

[JediKev]

@maquejp

No, the current iteration of OAuth2 in osTicket does not support the concept of PKCE code challenges. You’ll need to ask your provider to disable it or you’ll need to modify the code/plugin to your liking. With this being said we can take this as an enhancement for after v2.0; stay tuned!

Cheers.

[maquejp]

My organisation will not change it for me it is the corporate solution so we have to comply. For the time being we are using LDAP but we have been asked to move to the corporate solution.
So ennhancement it should be.
Any roadmap for 2.0?

[JediKev]

@maquejp

No set release date but we are planning on releasing a preview this year. We do have a public roadmap but it’s admittedly not updated regularly and does not reflect the current development progress.

Cheers.

[maquejp]

The OAuth2 cannot be patched before 2.0?

[JediKev]

@maquejp

Currently, legacy osTicket is in maintenance mode whilst we focus on v2.0. This means we are not making any major changes, adding any new features, etc. (unless absolutely required like a provider makes critical changes, etc.). So if you want this before v2.0 then you’ll need to modify the code and plugin yourself (the beauty of open source software).

Cheers.

[maquejp]

@JediKev I have checked with the team in charge, and they are allowing me to for "nonce" instead of pkce... But I do not see anything about it for the plugin, is it also a dead-end?

[JediKev]

@maquejp

No, we do not support code challenges nor nonce at this time. You’d need to modify the core codebase and/or plugin.

Cheers.