[Help Wanted] Issue with Oauth2 Setup (w/ PKCE & Ed25519) #19630
Funasitien asked this question in Q&A
Replies: 1 comment
Weblate uses https://github.com/python-social-auth/social-core so this is probably best addressed by adding better-auth support there. The PKCE validation is supported there, and so is JWT algorithm configuration.
Hi everyone! I hope you are all doing well.
I'm having a really specific issue and have been fighting to get around it for a good month now. I figured I could check with you whether you have any resources or just code that could help me.
I am trying to set up Weblate with a custom OAuth2 provider, made with better-auth. My issue is that better-auth uses modern OAuth requirements that Weblate doesn't support right now. Here are the two
PKCE Validation
better-auth enforces PKCE verification by default (sending an additional verification code to the provider back to the consumer). While this can be tweaked and disabled, I would like to know if there is any way to enable PKCE with python social AND Weblate. I have seen some Python examples, but porting them to Weblate didn't give me any success.
-> Need more info? Here is the relevant documentation on better-auth.
JWT encryption algorithm
The second, more problematic issue is that the JWT algorithm used by better-auth, Ed25519, seems not to be supported by Weblate. I always get the error
Token error: The specified alg value is not allowed.
Is there a way to add support for new algorithms? Or would I have to rewrite/give up on this?
-> Need more info on how better-auth signs JWT tokens? Here is the relevant documentation.
I'm hosting my Weblate instance using Docker (Compose). I would like to avoid forking at first; a Python override file would be preferred (I already tried some of them without any success; if I could get a quick recap on how to check whether the file is taken into account, I won't say no).
Thank you for your time!