From cfa2edebcf54965d74924da72be61df547d171f2 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 21 Feb 2023 23:51:27 +0100
Subject: [PATCH] providers/oauth2: revert PKCE requirement for public clients

Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/views/authorize.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py
index 34a068d39..c4ed156ab 100644
--- a/authentik/providers/oauth2/views/authorize.py
+++ b/authentik/providers/oauth2/views/authorize.py
@@ -260,9 +260,6 @@ class OAuthAuthorizationParams:
 self.state,
 f"Unsupported challenge method {self.code_challenge_method}",
 )
- if self.provider.client_type == ClientTypes.PUBLIC and not self.code_challenge:
- LOGGER.warning("Public clients require PKCE", client_id=self.provider.client_id)
- raise AuthorizeError(self.redirect_uri, "invalid_request", self.grant_type, self.state)
 
 def create_code(self, request: HttpRequest) -> AuthorizationCode:
 """Create an AuthorizationCode object for the request"""
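Review bot: With these three lines gone, the PKCE validation in OAuthAuthorizationParams accepts a public client that sends no `code_challenge`, and nothing is logged when that happens. A public client holds no secret, so PKCE (RFC 7636) is what binds the authorization code to the party that started the flow. If the revert is needed for client compatibility, I would keep the visibility and warn without rejecting: `if self.provider.client_type == ClientTypes.PUBLIC and not self.code_challenge:` followed by `LOGGER.warning("Public client without PKCE", client_id=self.provider.client_id)`, with enforcement offered as a per-provider setting. The enclosing validation method starts above the hunk, so whether another check covers this case cannot be confirmed from here.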