Hi,
I am currently trying to implement external PKCE security for my content.
The problem I am running into is that PKCE is a two-stage process. When my OIDC Identity Provider redirects to my custom callback endpoint, the redirect gets overridden and ends up going to ExternalLoginCallback.
To fix that, I tried using a workflow filter to go to my designated URL (the URL is in the same project as the CMS) instead of the ExternalLoginCallback; however, the workflow was never activated. Then I tried redirecting to ExternalLoginCallback instead, hoping the filter would then work because I am going there directly, but the result was an error because it went to ExternalLoginCallback while missing some of the things it needed.
The reason I am trying to execute the OIDC callback on my own endpoint is so I can access the PKCE code verifier which I had stored in session state previously. The out-of-the-box ExternalLoginCallback seems to ignore the fact I am attempting to use PKCE, and authentication fails. I don't have to use my own callback if there's a better way to achieve authentication with OIDC PKCE on my own 3rd-party Identity Provider.
How should I do it?
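
The two stages described in the post above, as an added example that is not part of the original post and not the CMS's code: it shows why the endpoint that handles the callback needs the stored code verifier, using the S256 method from RFC 7636. The `session` dict, the `oidc_pending` key and the function names are hypothetical, and `idp_accepts` models the identity provider's side of the check.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def b64url(data: bytes) -> str:
    # base64url without padding, as RFC 7636 requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(verifier: str) -> str:
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def begin_login(session, authorize_url, client_id, redirect_uri):
    """Stage 1: keep the verifier server-side, send only its hash."""
    pending = {"state": b64url(secrets.token_bytes(16)),
               "code_verifier": b64url(secrets.token_bytes(32))}  # 43 chars
    session["oidc_pending"] = pending  # hypothetical session key
    query = urlencode({
        "response_type": "code", "scope": "openid",
        "client_id": client_id, "redirect_uri": redirect_uri,
        "state": pending["state"],
        "code_challenge": s256_challenge(pending["code_verifier"]),
        "code_challenge_method": "S256",
    })
    return f"{authorize_url}?{query}"


def finish_login(session, callback_params, client_id, redirect_uri):
    """Stage 2: the callback. Returns the token-request form fields."""
    pending = session.pop("oidc_pending", None)  # single use
    if pending is None:
        raise ValueError("no login in progress in this session")
    got = callback_params.get("state", "")
    if not hmac.compare_digest(got.encode(), pending["state"].encode()):
        raise ValueError("state mismatch")
    return {"grant_type": "authorization_code",
            "code": callback_params["code"],
            "client_id": client_id, "redirect_uri": redirect_uri,
            "code_verifier": pending["code_verifier"]}


def idp_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """The check the identity provider's token endpoint applies (S256)."""
    expected = s256_challenge(presented_verifier)
    return hmac.compare_digest(expected.encode(), stored_challenge.encode())
```

A callback handler that posts the authorization code without `code_verifier` fails the last check at the identity provider, which matches the authentication failure described in the post.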