From: Krzysztof B. <kb...@un...> - 2021-12-03 11:40:30

Hi Sander,

On 03.12.2021 at 12:27, Sander Apweiler wrote:
> Hi Krzysztof,
> We have an SP, which is a SPA using PKCE with CORS. This part is
> working now. We set the clientType to PUBLIC. When the SP requests the
> user token the error message "Invalid user name, credential or external
> authentication failed." is shown. Investigating the logs a little bit
> more it shows "No HTTP BASIC auth header was found". This should not
> be the case for PKCE, isn't it?

Yeah, that's one known issue we had in our impl. Currently even for public client you have to set up some password (publicly known) and use it.

We can fix that problem now, as in 3.7.0 we have introduced optionally authenticated REST endpoints feature, which enables proper handling of this case. That should be a small change now. I'll put the corresponding ticket on the short term queue.

Best,
Krzysztof