Hi, I am new to using CAS. I want to implement a public client with the authorization code PKCE flow so that the client does not have to use the client secret. I have read in the documentation of my version that CAS accepts the authorization code PKCE flow in /oidc/authorize in the same way as it does with the authorization code flow. So I have removed the client secret from the client JSON so that I don't have to use it for the flow.
My problem is that when I make requests with Postman, it allows me to use both the authorization code PKCE flow and the authorization code flow for that client without a client secret. How can I make it so that it only supports the authorization code PKCE flow and that if it does not receive a code_challenge from the client the call to /oidc/authorize fails? In other words, make code_challenge a mandatory parameter for this application when using the /oidc/authorize endpoint.
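An added example, not part of the original post and not CAS code or CAS configuration: a sketch of the check being asked for, rejecting an authorization-code request from a public client that carries no `code_challenge`, plus the matching `code_verifier` check at token time. The client ID `spa-client`, the function names and the sample URL are assumptions; the S256 transform follows RFC 7636.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical registry of clients registered without a secret (public clients).
PUBLIC_CLIENTS = {"spa-client"}
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")  # RFC 7636 section 4.1
S256_CHALLENGE_RE = re.compile(r"[A-Za-z0-9\-_]{43}")  # unpadded base64url of 32 bytes


def s256(verifier: str) -> str:
    """BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_authorize_request(url: str) -> tuple[bool, str]:
    """Decide whether a request to /oidc/authorize may proceed."""
    # parse_qs drops blank values, so "code_challenge=" counts as missing.
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if q.get("response_type") != "code" or q.get("client_id") not in PUBLIC_CLIENTS:
        return True, "not a public-client code request; this check does not apply"
    challenge = q.get("code_challenge", "")
    if not challenge:
        return False, "invalid_request: code_challenge is required"
    # An absent method means "plain" in RFC 7636, so it must be stated as S256.
    if q.get("code_challenge_method") != "S256":
        return False, "invalid_request: code_challenge_method must be S256"
    if not S256_CHALLENGE_RE.fullmatch(challenge):
        return False, "invalid_request: malformed S256 code_challenge"
    return True, "ok"


def check_token_request(stored_challenge: str, code_verifier: str) -> bool:
    """At the token endpoint: the verifier must hash to the stored challenge."""
    if not code_verifier or not VERIFIER_RE.fullmatch(code_verifier):
        return False
    return hmac.compare_digest(s256(code_verifier), stored_challenge)


# Constructed sample request: plain authorization code flow, no PKCE parameters.
BASE = ("https://cas.example.org/cas/oidc/authorize?response_type=code"
        "&client_id=spa-client&scope=openid"
        "&redirect_uri=https%3A%2F%2Fapp.example.org%2Fcb")

if __name__ == "__main__":
    print(check_authorize_request(BASE))
```
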