OIDC enterprise connection to Azure AD using authorisation code flow with pkce

duane.vantwest · February 13, 2023, 5:04am

I can see how a custom connection to Azure AD can be achieved using the implicit flow.
Is there a way of enabling PKCE? I’ve seen a random blog where it says you can use the management api to update the connection options with “pkce_enabled”: true
(Authorization Code with PKCE via connection).
I didn’t have any luck updating the connection object (bad json formats and encoding issues).

Does anyone know if auth code flow with PKCE is possble from Auth0 connectors to Azure AD?
Is there a simple way of configuring it?
Should the Azure AD application be configured as SPA or native / mobile app?

dan.woda · February 15, 2023, 4:28pm

Hi @duane.vantwest,

Have you seen our doc on Connect Your App to Microsoft Azure Active Directory?

duane.vantwest · February 15, 2023, 10:48pm

Hi Dan,
Yes I have seen that documentation. I’ve setup and used an Azure AD connection successfully in the past. That isn’t the problem.
I want to authorise to an Idp (azure ad in this case) WITHOUT a client secret. In order to do this we need to use either implicit flow or, preferably, authorisation code flow with PKCE (pkce is more secure and recommended over implicit flow).

My question is, can authorisation code flow with PKCE be enabled / configured between Auth0 Connection and Azure AD? I suspect you need to do this via an Enterprise Custom OIDC connection.

thank you
Duane

dan.woda · February 16, 2023, 1:23pm

Hi @duane.vantwest,

Thanks for the added detail, that info is clarifying. To confirm; you want to use PKCE between Auth0 and your IdP (Azure AD, in this case).

AFAIK, this is currently possible, but let me reach out to the team to confirm.

In the meantime, can you expand on the use case? Is this request a result of OAuth2.1?

dan.woda · February 16, 2023, 3:24pm

Update: The team is actively working on this feature.

duane.vantwest · February 17, 2023, 1:22am

Thanks Dan. That’s great feedback. Look forward to this feature. We can get by in the short term by either a) using implicit flow or b) using the Azure AD connections and use the AD app client and secret id.
Cheers
Duane

dan.woda · February 21, 2023, 2:50pm

Thanks for the follow up!

system · March 7, 2023, 2:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Authorization Code with PKCE via connection Knowledge Articles management-api , oidc , custom , connection , oauth2 , enterprise-connectio	1	2046	September 26, 2022
OpenID Connect - Authorization code flow with PKCE Help oidc , pkce	4	3287	July 21, 2024
Connect to Azure AD using an OIDC Enterprise Connection Knowledge Articles azure-ad , oidc-connection , enterprise-connection	3	7225	January 6, 2021
Does the enterprise connection protocol matter? Help oidc , protocols	0	256	April 8, 2024
Cannot enable Authorization Code with PKCE flow on custom OAuth2 connection Help management-api , connections-management-api	0	1196	June 15, 2023

OIDC enterprise connection to Azure AD using authorisation code flow with pkce

Related topics