Óli Þór Gunnarsson

OpenID Connect - PKCE

We have a customer wanting to implement Electronic Id authentication for their customer portal. We have tried to set up authentication according to the documentation here: https://help.salesforce.com/s/articleView?id=sf.sso_provider_openid_connect.htm&type=5

But we are facing issues with the authentication provider that states that we need to have support for PKCE, so the request contains the code_challenge and code_challenge_method parameters.

I have had no luck finding information about how this is done or whether it is possible. I cannot see this in the Auth Provider setup. Can someone tell me if this is possible and, if so, point me to how it is done?

Swetha (Salesforce Developers)
Hi Óli Þór Gunnarsson,

In the official doc (https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_web_server_flow.htm&type=5), this is called the “Web Server” flow. You can use the web-server flow without a client secret, but with PKCE (it’s called code_challenge and code_verifier in the docs).

You can see how that works here: https://cloudsundial.com/auth-code-with-pkce

Note: This applies to situations where Salesforce is the identity provider. It is a different situation (in that case you don’t create an authentication provider record in Salesforce).

In the situation where Salesforce is the Relying Party (i.e. Salesforce is not the identity provider), PKCE is not yet supported when Salesforce is the Auth Provider.

If this information helps, please mark the answer as best. Thank you
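For readers who want to see what the code_challenge / code_verifier pair discussed above actually consists of, here is an added example (not from the post, the linked docs, or Salesforce) implementing the PKCE S256 transform from RFC 7636 on both sides: the client derives the challenge that goes into the authorization request, and the identity provider recomputes it from the verifier presented at the token endpoint. The client_id and redirect_uri values are placeholders.

```python
import base64
import hashlib
import secrets


def _b64url(raw: bytes) -> str:
    # RFC 7636 uses base64url without trailing '=' padding.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    # High-entropy secret kept by the client; 32 random bytes encode to the
    # 43-character minimum the RFC requires (allowed length is 43..128).
    return _b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    # S256 method: BASE64URL(SHA256(ASCII(code_verifier))).
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_params(client_id: str, redirect_uri: str, verifier: str, state: str) -> dict:
    # Query parameters the relying party sends to the authorization endpoint;
    # only the challenge travels here, the verifier stays with the client.
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }


def server_verify(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    # Identity provider side, at the token endpoint: recompute the challenge
    # from the verifier sent with the authorization code and compare in
    # constant time. Unknown methods are rejected rather than defaulted.
    if method == "S256":
        expected = make_code_challenge(presented_verifier)
    elif method == "plain":
        expected = presented_verifier
    else:
        return False
    return secrets.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    v = make_code_verifier()
    params = authorization_params("PLACEHOLDER_CLIENT_ID", "https://example.invalid/cb", v, "xyz")
    print(params)
    print("token endpoint accepts verifier:", server_verify(params["code_challenge"], "S256", v))
```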