A simple authentication node for ForgeRock's Identity Platform 6.5.2 and above.
This node works like the standard Social Authentication nodes, except that it allows the Proof Key for Code Exchange (PKCE) method to be configured. This might be needed to ensure backwards compatibility with legacy OAuth providers that do not support PKCE and therefore cannot handle request parameters such as code_challenge, code_challenge_method or code_verifier.
While some implementations ignore the parameters, others throw errors. This authentication node allows PKCE to be completely disabled, in which case none of the above parameters is sent to the OAuth provider.
Copy the .jar file from the target directory into the /path/to/web-container/webapps/openam/WEB-INF/lib directory where AM is deployed. Restart the web container to pick up the new node. The node will then appear in the authentication trees components palette.
To use this node, in the AM administration interface, navigate to the realm, select Authentication > Trees from the navigation and click on Create Tree. Within the tree designer, drag the Social node with configurable PKCE method to the main area and configure it to suit your requirements.
Specify the desired PKCE method, which can be one of NONE, PLAIN or S256. NONE disables PKCE completely.
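The following added example (not code from this repository or from AM) shows which request parameters each of the three settings puts on the wire, following RFC 7636. The function names `new_code_verifier` and `pkce_params` are hypothetical; the wire values `plain` and `S256` are the ones RFC 7636 defines.

```python
import base64
import hashlib
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def new_code_verifier() -> str:
    """Return a fresh 43-character verifier (32 random bytes, base64url, no padding)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def pkce_params(method: str, verifier: str):
    """Return (authorization_request_params, token_request_params).

    `method` is one of the node's configuration values: NONE, PLAIN or S256.
    """
    if method == "NONE":
        # PKCE disabled: no code_challenge, code_challenge_method or
        # code_verifier is sent, so the authorization code is not bound
        # to a verifier.
        return {}, {}
    if not _VERIFIER_RE.fullmatch(verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    if method == "PLAIN":
        # The challenge is the verifier itself.
        challenge, wire_method = verifier, "plain"
    elif method == "S256":
        # The challenge is BASE64URL(SHA256(verifier)) without padding.
        digest = hashlib.sha256(verifier.encode("ascii")).digest()
        challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
        wire_method = "S256"
    else:
        raise ValueError(f"unknown PKCE method: {method}")
    auth = {"code_challenge": challenge, "code_challenge_method": wire_method}
    token = {"code_verifier": verifier}
    return auth, token


if __name__ == "__main__":
    verifier = new_code_verifier()  # constructed sample value
    for m in ("NONE", "PLAIN", "S256"):
        auth, token = pkce_params(m, verifier)
        print(m, auth, token)
```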
For more information on how to configure Social Authentication Nodes, refer to the AM documentation.
The code in this repository has binary dependencies that live in the ForgeRock Maven repository. Maven can be configured to authenticate to this repository by following the relevant ForgeRock Knowledge Base article.