From cfa2edebcf54965d74924da72be61df547d171f2 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Tue, 21 Feb 2023 23:51:27 +0100
Subject: [PATCH] providers/oauth2: revert PKCE requirement for public clients

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/providers/oauth2/views/authorize.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py
index 34a068d39..c4ed156ab 100644
--- a/authentik/providers/oauth2/views/authorize.py
+++ b/authentik/providers/oauth2/views/authorize.py
@@ -260,9 +260,6 @@ class OAuthAuthorizationParams:
                 self.state,
                 f"Unsupported challenge method {self.code_challenge_method}",
             )
-        if self.provider.client_type == ClientTypes.PUBLIC and not self.code_challenge:
-            LOGGER.warning("Public clients require PKCE", client_id=self.provider.client_id)
-            raise AuthorizeError(self.redirect_uri, "invalid_request", self.grant_type, self.state)
 
     def create_code(self, request: HttpRequest) -> AuthorizationCode:
         """Create an AuthorizationCode object for the request"""