mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-07-17 09:41:07 +00:00
PKCE should now work with Zitadel
This commit is contained in:
Timshel
parent
de429f7c50
commit
9d0338d740
1 changed files with 2 additions and 2 deletions
4
SSO.md
4
SSO.md
|
|
@ -253,7 +253,8 @@ Additionally Zitadel include the `Project id` and the `Client Id` in the audienc
|
|||
For the validation to work you will need to add the `Resource Id` as a trusted audience (`Client Id` is trusted by default).
|
||||
You can control the trusted audience with the config `SSO_AUDIENCE_TRUSTED`
|
||||
|
||||
It appears it's not possible to use PKCE with confidential client so it needs to be disabled.
|
||||
Since [zitadel#721](https://github.com/zitadel/oidc/pull/721) PKCE should work with client secret.
|
||||
But older versions might have to disable it (`SSO_PKCE=false`).
|
||||
|
||||
Config will look like:
|
||||
|
||||
|
|
@ -262,7 +263,6 @@ Config will look like:
|
|||
- `SSO_CLIENT_ID`
|
||||
- `SSO_CLIENT_SECRET`
|
||||
- `SSO_AUDIENCE_TRUSTED='^${Project Id}$'`
|
||||
- `SSO_PKCE=false`
|
||||
|
||||
## Session lifetime
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue