Hi All - 

I'm attempting to set up delegation from CAS 6.2.2 to Okta and have run into 
a problem.

The logs show: 

2020-09-15 23:55:49,201 DEBUG [org.pac4j.oidc.redirect.OidcRedirectionActionBuilder] - <Authentication request url: https://dev-233489.okta.com/oauth2/v1/authorize?scope=openid+profile+email&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A8444%2Fcas%2Flogin%2Fokta&state=TST-1-r6SHqooSo3qIITtnkhCDn0aLhoKRl0-R&code_challenge_method=S256&nonce=4NjpcwSH_PxBES2_SXTfeEku6BoDb1jqzsTfxNhsuqc&client_id=0oaz33kps1PVfeERs4x6&code_challenge=dPP8K0ENJEO5BGNv_ML0WarVa7zOLcbZgCJu45Ih5Co>

2020-09-15 23:55:49,640 DEBUG [org.pac4j.oidc.credentials.extractor.OidcExtractor] - <Authentication response successful>

2020-09-15 23:55:50,150 DEBUG [org.pac4j.oidc.credentials.authenticator.OidcAuthenticator] - <Token response: status=400, content={"error":"invalid_request","error_description":"PKCE code verifier is required when the token endpoint authentication method is 'NONE'."}

The CAS configuration is:

cas.authn.pac4j.oidc[0].generic.type=GENERIC

cas.authn.pac4j.oidc[0].generic.discoveryUri=https://dev-233489-admin.okta.com/.well-known/openid-configuration

cas.authn.pac4j.oidc[0].generic.maxClockSkew=600

cas.authn.pac4j.oidc[0].generic.scope=openid profile email

cas.authn.pac4j.oidc[0].generic.id=***

cas.authn.pac4j.oidc[0].generic.secret=***

cas.authn.pac4j.oidc[0].generic.useNonce=true

cas.authn.pac4j.oidc[0].generic.preferredJwsAlgorithm=RS256

Any idea why the authentication type is defaulting to none and not 
client_secret_basic?  I've tried adding both:

cas.authn.pac4j.oidc[0].generic.disablePkce=true

cas.authn.pac4j.oidc[0].generic.clientAuthenticationMethod=client_secret_basic

But no luck.

Thanks for any advice.  I've been looking at the code and pac4j source to 
try to figure out what is going on here but not having much luck.

Abre Chase


