Document the pkce_enabled option for custom OAuth2.0 integrations

emilfranzell · January 25, 2024, 10:28am

Feature: Documentation for the pkce_enabled option on custom OAuth2.0 integrations

Description: There is at least one option for the PATCH /api/v2/connections/{id} endpoint that is not documented. The page below should include the attribute “pkce_enabled” on the “options” body parameter.
https://auth0.com/docs/api/management/v2/connections/patch-connections-by-id
This other docs page might also want to mention it:
https://auth0.com/docs/authenticate/identity-providers/social-identity-providers/oauth2
The only place online I found where it was mentioned is this forum post:

I think it would be better if this was a documented feature, or if it was even just a checkbox on the Custom Social Connections configuration form.

Use-case: I am working for an IdP that wants to provide the option for its customers to use their services via Auth0 universal login. The provider uses PKCE by default and does not want to disable it, since it provides additional protection. If the customers are to configure the Auth0 integration on their own, it would be nice to be able to have a check box for toggling PKCE.

dan.woda · January 26, 2024, 3:53pm

Hi @emilfranzell,

Welcome to the Auth0 Community and thank your for your feedback!

emilfranzell · January 26, 2024, 9:55pm

Thank you Dan, what do you think about this feature request? Do you think it would be too much to add a checkbox to the form? Maybe there are many other options that are also not present? In that case, would it be reasonable to add a drop down menu with all of the hidden options?

dan.woda · January 30, 2024, 3:14pm

@emilfranzell,

You’ve described it clearly and I can see the value in the solution you’ve described. It’s not up to me though.

Our product managers use this feedback to determine the demand for features and make decisions based on the feedback.