spring-boot spring-security oauth-2.0 spring-security-oauth2 spring-webclient

authorization code flow without code_challenge_method & code_challenge via spring-security-oauth2-client

We have identity server which does not support PKCE. It cannot be modified to include PKCE.

I am trying to implement authorization code flow on same identity server using spring-security-oauth2-client , spring-boot-starter-security & webclient. The generated authorization code uses code_challenge_method & code_challenge which is giving error while accessing token. Is there any way in spring to not use PKCE by default?

I am using spring boot version 2.3.4.RELEASE

Solution

Spring Security will use PKCE only, if the client doesn't have a client-secret configured.

https://docs.spring.io/spring-security/site/docs/5.4.2/reference/html5/#oauth2Client-auth-code-grant

What's wrong that always returns null for the repository and the test fails?
Spring Boot Hibernate 6.6.0 delete TransientObjectException after update
Getting refresh token for gmail API with Spring Security
Task execution is not working after lunching the task in spring cloud data flow
docker-compose up gives 'failed to read dockerfile: error from sender'
Use Keycloak Spring Adapter with Spring Boot 3
Spring Boot with React and Keycloak: redirect to Keycloak's login page fails due to CORS error (no Access-Control-Allow-Origin header set)
WebMvcTest and entitMangerFactory missing reference
Component scan for configuration class could not be used with conditions in REGISTER_BEAN
How do I add audience validation using Spring OAuth without needing the issuer?
unit test @Valid of springboot without having to spin up / mock the server
How to call a service from Main application calls Spring Boot?
Extra unnecessary join with filtering and EntityGraph in Spring Data JPA Repository
Spring JBDC bad SQL grammar on PostgreSQL
Test REST APIs on a real server (without localhost )
How can I pass an array of objects in query params in postman for the post request?
perform SpringBoot request validation based on configurable property
Setting cookie from java spring boot rest API to angular
Validate list inside request with springboot against [null]
How to use Spring Security WebAuthn to implement Passkey?
Unable to run Spring Boot native application with AWSSecretsManagerPostgreSQLDriver
Spring Boot Redis Cache @CachePut is not updating the cache
spring batch dependency cycle
SimpMessagingTemplate not sending messages in spring boot
Hibernate StaleObjectStateException After Upgrading to 6.6.3: Row was updated or deleted by another transaction or unsaved-value mapping was incorrect
Spring doesn't recommend to annotate interface methods with @Cache* annotation on Spring HttpInterface
Spring Boot 3.4.0 lets integration tests with JPA/Hibernate fail
I get "No message available" in postman response from api spring
How to fix jackson java 8 data/time error?
How to use both @RestControllerAdvice and Swagger UI in Spring boot