[feature]: Include PKCE Support for OIDC #8572

@sypion

Is there an existing issue for this?

  • I have searched the existing issues

Summary

Currently, Plane's OIDC implementation does not support PKCE (Proof Key for Code Exchange). Modern OAuth 2.1-compliant providers (such as Better-Auth, Logto, or Keycloak 20+ in certain configurations) require PKCE for the authorization_code flow.

When attempting to connect Plane to these providers, the authentication fails because the provider expects a code_challenge in the authorization request and a code_verifier during the token exchange, which Plane does not currently seem to provide.

Why should this be worked on?

Most authentication platforms are moving towards 2.1 compliance and will not work with Plane's current OIDC implementation.
