Hi CAS Team, We are currently facing an issue with CAS 6.2.8 while integrating with Microsoft Entra ID (Azure AD) for OIDC authentication. The flow fails during PKCE verification with the following error from Azure: AADSTS50148: The code_verifier does not match the code_challenge supplied in the authorization request.
We understand that PKCE compliance is improved in later CAS versions, so we attempted to upgrade our deployment to CAS 6.4.6 to align with Microsoft requirements. However, our Gradle-based build pipeline failed repeatedly due to dependency resolution conflicts and version mismatches, preventing a successful build. We would like to raise a ticket to get guidance on the following: - Which CAS version fully supports PKCE for Azure AD integration - Recommended dependency or Gradle configuration adjustments when upgrading from 6.2.8 to 6.4.x or newer Environment: - CAS version: 6.2.8 - Target upgrade version: 6.4.6 - Java: 11 - Spring Boot: 2.2.8.RELEASE - Build Tool: Gradle - Integration: Microsoft Entra ID (Azure AD) We can share sanitized logs or dependency trees if required. Any help or direction from the CAS community would be appreciated. Thanks, Preethy Venkat -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8ba9df2d-3cc8-4cf9-b7d6-3829907e365cn%40apereo.org.
