Expected Behavior
The code_challenge_methods_supported field should be included in the .well-known/openid-configuration endpoint.
Current Behavior
Currently, the code_challenge_methods_supported field is only available in the .well-known/oauth-authorization-server endpoint, However, we typically only use auto-discovery when using OIDC clients.
Context
In popular identity providers like Keycloak and Google (e.g., https://accounts.google.com/.well-known/openid-configuration), the code_challenge_methods_supported field is included in the openid endpoint. Some clients, such as the OAuth4WebAPI library (https://github.com/panva/oauth4webapi), also support this field.
Expected Behavior
The
code_challenge_methods_supportedfield should be included in the.well-known/openid-configurationendpoint.Current Behavior
Currently, the
code_challenge_methods_supportedfield is only available in the.well-known/oauth-authorization-serverendpoint, However, we typically only use auto-discovery when using OIDC clients.Context
In popular identity providers like Keycloak and Google (e.g., https://accounts.google.com/.well-known/openid-configuration), the code_challenge_methods_supported field is included in the openid endpoint. Some clients, such as the OAuth4WebAPI library (https://github.com/panva/oauth4webapi), also support this field.