OIDC enterprise connection to Azure AD using authorisation code flow with PKCE

I can see how a custom connection to Azure AD can be achieved using the implicit flow.
Is there a way of enabling PKCE? I’ve seen a random blog where it says you can use the Management API to update the connection options with “pkce_enabled”: true (Authorization Code with PKCE via connection).
I didn’t have any luck updating the connection object (bad json formats and encoding issues).

Does anyone know if auth code flow with PKCE is possible from Auth0 connectors to Azure AD?
Is there a simple way of configuring it?
Should the Azure AD application be configured as SPA or native / mobile app?
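As an added illustration (not code from the original post or from Auth0), here is how the Management API update mentioned above would be built so that the JSON body is well-formed and the connection's existing options survive the PATCH. The `pkce_enabled` key is used exactly as the post quotes it and is not confirmed here; the sample connection, its option field names, the domain and the token are assumptions.

```python
import json
import urllib.request

# Constructed sample of what GET /api/v2/connections/{id} might return for a
# custom OIDC connection. Field names and values are assumptions for illustration.
SAMPLE_CONNECTION = {
    "id": "con_EXAMPLE0000000000",  # placeholder, not a real connection id
    "name": "azure-ad-oidc",
    "strategy": "oidc",
    "options": {
        "type": "front_channel",  # assumed: implicit-style, no client secret
        "client_id": "00000000-0000-0000-0000-000000000000",  # placeholder
        "scope": "openid profile email",
        "discovery_url": "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration",
    },
}


def build_pkce_patch(connection: dict) -> dict:
    """Return the PATCH body that turns on PKCE for an existing connection.

    PATCH /api/v2/connections/{id} replaces the whole `options` object, so the
    current options are copied and only the new key is added. Sending
    {"options": {"pkce_enabled": true}} alone would drop client_id, scope, etc.
    """
    options = dict(connection.get("options", {}))  # copy, do not mutate input
    options["pkce_enabled"] = True  # key as quoted in the post; unverified
    return {"options": options}  # only the field being changed is sent


def encode_body(body: dict) -> bytes:
    """Serialise with real JSON booleans (true, not "true") as UTF-8 bytes."""
    return json.dumps(body, ensure_ascii=False).encode("utf-8")


def patch_connection(domain: str, token: str, connection_id: str, body: dict) -> dict:
    """Send the PATCH to the Management API (network call, not run offline).

    `domain` is the tenant domain, `token` a Management API token with
    update:connections scope; both are assumed inputs.
    """
    req = urllib.request.Request(
        f"https://{domain}/api/v2/connections/{connection_id}",
        data=encode_body(body),
        method="PATCH",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json; charset=utf-8",
        },
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    print(encode_body(build_pkce_patch(SAMPLE_CONNECTION)).decode("utf-8"))
```

Verify the result with a GET on the same connection afterwards, and keep the Azure AD app registration's redirect URI and client type in step with whichever flow the connection ends up using.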

Hi @duane.vantwest,

Have you seen our doc on Connect Your App to Microsoft Azure Active Directory?

Hi Dan,
Yes I have seen that documentation. I’ve setup and used an Azure AD connection successfully in the past. That isn’t the problem.
I want to authorise to an IdP (Azure AD in this case) WITHOUT a client secret. In order to do this we need to use either implicit flow or, preferably, authorisation code flow with PKCE (PKCE is more secure and recommended over implicit flow).

My question is, can authorisation code flow with PKCE be enabled / configured between Auth0 Connection and Azure AD? I suspect you need to do this via an Enterprise Custom OIDC connection.

thank you
Duane

Hi @duane.vantwest,

Thanks for the added detail, that info is clarifying. To confirm: you want to use PKCE between Auth0 and your IdP (Azure AD, in this case).

AFAIK, this is currently possible, but let me reach out to the team to confirm.

In the meantime, can you expand on the use case? Is this request a result of OAuth2.1?

Update: The team is actively working on this feature.


Thanks Dan. That’s great feedback. Look forward to this feature. We can get by in the short term by either a) using implicit flow or b) using the Azure AD connection with the AD app client ID and secret.
Cheers
Duane


Thanks for the follow up!
