
OIDC Plugin. Support PKCE #5692

Open
Pantus Oleh (zibet27) wants to merge 1 commit into zibet27/oidc-oauth-callback-userinfo from zibet27/oidc-pkce


@zibet27

Collaborator

Subsystem
Server OIDC

Motivation
KTOR-5001 Add OpenID Connect (OIDC) support on client and server

Solution

  • Adds PKCE (RFC 7636) to the OIDC authorisation code flow
  • Sends code_challenge / code_challenge_method=S256 on authorize and code_verifier on token exchange
  • Stores the code verifier in the encrypted state cookie alongside the nonce
  • Adds disablePkce() for legacy OpenID Providers that reject PKCE parameters
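
The S256 exchange listed in the description above, as an added example that is not code from this pull request or from Ktor. The function names are hypothetical, and the provider-side check is included only to show what the OpenID Provider does with the two values.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

// RFC 7636 section 4.1: 43-128 characters from the unreserved set.
// Regex.matches() requires the whole string to match.
private val VERIFIER_FORMAT = Regex("[A-Za-z0-9._~-]{43,128}")
private val b64url = Base64.getUrlEncoder().withoutPadding()

/** Client side: a fresh high-entropy verifier (32 random bytes -> 43 chars). */
fun newCodeVerifier(random: SecureRandom = SecureRandom()): String =
    b64url.encodeToString(ByteArray(32).also(random::nextBytes))

/** code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), without padding. */
fun s256Challenge(verifier: String): String {
    require(VERIFIER_FORMAT.matches(verifier)) { "malformed code_verifier" }
    val digest = MessageDigest.getInstance("SHA-256")
        .digest(verifier.toByteArray(Charsets.US_ASCII))
    return b64url.encodeToString(digest)
}

/** Provider side, token endpoint: compare with the challenge stored for the code. */
fun verifierMatches(storedChallenge: String, presentedVerifier: String): Boolean {
    if (!VERIFIER_FORMAT.matches(presentedVerifier)) return false
    val expected = s256Challenge(presentedVerifier).toByteArray(Charsets.US_ASCII)
    // Constant-time comparison of the two encoded challenges.
    return MessageDigest.isEqual(expected, storedChallenge.toByteArray(Charsets.US_ASCII))
}

fun main() {
    // Test vector from RFC 7636 Appendix B.
    val rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    val rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
    check(s256Challenge(rfcVerifier) == rfcChallenge)

    // Authorization request: only the challenge leaves the client.
    val verifier = newCodeVerifier()
    val challenge = s256Challenge(verifier)
    println("authorize: code_challenge=$challenge&code_challenge_method=S256")

    // Token request: the matching verifier passes, anything else is rejected.
    check(verifierMatches(challenge, verifier))
    check(!verifierMatches(challenge, newCodeVerifier()))
    check(!verifierMatches(challenge, "too-short"))
    println("token: code_verifier accepted")
}
```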

@coderabbitai

coderabbitai Bot commented Jun 11, 2026

Contributor

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (2)
  • main
  • release/*

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@zibet27 Pantus Oleh (zibet27) changed the title from "Support PKCE" to "OIDC Plugin. Support PKCE" on Jun 11, 2026
@zibet27 Pantus Oleh (zibet27) force-pushed the zibet27/oidc-oauth-callback-userinfo branch from 54e5f6f to dc16069 on June 11, 2026 12:48