  1. OpenShift Request For Enhancement
  2. RFE-7998

Quay enable PKCE integration with OIDC


    • Feature Request
    • Resolution: Unresolved
    • Critical
    • quay, quay-3.13, quay-3.14
    • Quay
    • Product / Portfolio Work
    • False

      1. Proposed title of this feature request

      Quay enable PKCE integration with OIDC
      

      2. What is the nature and description of the request?

      Customer needs this functionality enabled so that when the OIDC provider requires it there is no loss of service.
      

      3. Why does the customer need this? (List the business requirements here)

      Describe your problem. Include specific actions and error messages.
      When attempting to configure Quay to use an OIDC server requiring PKCE, authentication fails immediately with this error:
      
      "https://containerregistryqa.disney.com/oauth2/myid/callback?state=<redacted>&error=invalid_request&error_description=PKCE%20code%20challenge%20is%20required%20by%20the%20application."
      
      I could not find any information in the Quay documentation to indicate how and if Quay supports OIDC with PKCE. 
      Does it support PKCE?
      How is PKCE enabled and configured?
      
      Describe the impact to you or the business
      Quay will become non-functional when our OIDC provider begins enforcing PKCE this month.
      
      In what environment are you experiencing this behavior?
      Stage/Testing
      
      How frequently does this behavior occur? Does it occur repeatedly or at certain times?
      Consistently, continuously.
      

      4. List any affected packages or components.

      quay-enterprise
      

              rhn-coreos-tunwu Tony Wu
              dshoemak@redhat.com Dan S
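For reference, an added example (not Quay code and not part of the original report) of what an OIDC provider that enforces PKCE expects from a client under RFC 7636 with the S256 method, together with a check that recognises the failure quoted in the report. The hosts `quay.example.test` and `idp.example.test`, the client id `quay-client` and the `state` value are constructed placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

def s256_challenge(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(verifier))) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_pkce_pair() -> tuple[str, str]:
    """Fresh per-login verifier (43 chars, 256 bits of entropy) and its challenge."""
    verifier = secrets.token_urlsafe(32)
    return verifier, s256_challenge(verifier)

def authorization_url(endpoint, client_id, redirect_uri, state, challenge):
    """Authorization request carrying the two PKCE parameters the provider demands."""
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": "openid", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return f"{endpoint}?{query}"

def provider_accepts(verifier: str, stored_challenge: str) -> bool:
    """Provider-side check at the token endpoint, compared in constant time."""
    return hmac.compare_digest(s256_challenge(verifier), stored_challenge)

def callback_failure(callback_url: str):
    """Return (error, description, pkce_related) for a failed redirect, else None."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" not in params:
        return None
    description = params.get("error_description", [""])[0]
    lowered = description.lower()
    return params["error"][0], description, "pkce" in lowered or "code_challenge" in lowered

# Constructed callback: placeholder host and state, error text as quoted in the report.
SAMPLE_CALLBACK = ("https://quay.example.test/oauth2/myid/callback?state=constructed"
                   "&error=invalid_request&error_description="
                   "PKCE%20code%20challenge%20is%20required%20by%20the%20application.")

if __name__ == "__main__":
    verifier, challenge = new_pkce_pair()
    print(authorization_url("https://idp.example.test/authorize", "quay-client",
                            "https://quay.example.test/oauth2/myid/callback",
                            secrets.token_urlsafe(16), challenge))
    print(provider_accepts(verifier, challenge), callback_failure(SAMPLE_CALLBACK))
```

The client keeps the verifier server-side for the duration of the login and sends it as `code_verifier` in the token request; only the challenge appears in the browser redirect.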