Skip to content

generic OIDC in Rancher support for PKCE extension #2210

New issue
New issue
Open
Open
generic OIDC in Rancher support for PKCE extension#2210
Assignees
LucasSaintarbor
Labels
release-noteNote this issue in the milestone's release notes
Milestone
v2.14.0
@samjustus

Description

@samjustus
samjustus
opened on Mar 2, 2026

Related Issues

rancher/rancher#50665

Summary

Support for RFC7636 (PKCE) for OIDC Auth Providers
Support was added to the Generic, Cognito and Keycloak OIDC providers to allow enabling S256 (SHA 256) PKCE token verification.

This provides a way to mitigate authorization code interception attacks on OIDC authentication flows.

Only the S256 PKCE verification method is currently supported.

It can be enabled by editing the authentication provider.

Metadata

Metadata

Assignees

Labels

release-noteNote this issue in the milestone's release notes

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions