Description
Currently, the PKCE Code Challenge Method setting of a client can be done in the Advanced tab in Advanced settings (side note: this is very bad naming: advanced in advanced..., but not the topic here).
I vote for moving this setting to the Settings tab under Capability config to have it prominent next to choosing which flows to use, as it is an option which should be used together with AuthCode flow.
Discussion
No response
Motivation
PKCE is becoming more and more important; the upcoming OAuth 2.1 requires it to be set on every client type (confidential and public). With this setting hidden under Advanced/Advanced, it's hard for people to find where and how to enable PKCE.
This way, we can improve the experience for developers/people while trying to configure clients in a secure manner.
Make it obvious, not hidden!
Details
No response