RedirectURI with same domain as issuer does not work

[CL1302]

I don't find a way to authenticate via OpenID with PKCE Flow.
For example, the Client Secret field is a "must"-Field, but it's not necessary for PKCE.
I cannot find any option for that.

Is there another way to get it to work?
If not, it would be nice to support this flow in the future.

Thank you very much for this nice Tool!

[latonz]

If you use a OAuth2 / OpenID-Connect auth configuration with a client authorization method of None, there shouldn't be a client secret field. The PKCE parameters are sent by default. Does this resolve your issue?

[CL1302]

Thank you Lars!
Yes, the Client Secret Attribute is gone this way, but it doesn't work. When I update the Token, it should open a window of the IdP to authenticate I guess, but there is only an error below the Token-Field: "Unauthenticated".
Maybe we can check it together when we meet in person next time. If you like, you can close the issue. I can use another flow as workaround.
Cu, Christian

[latonz]

According to my analysis the oidc flow does not work in Kreya if the redirect uri is the domain of the issuer. The problem is not related to PKCE...
Not working example: Redirect uri: https://mycompany.com, Issuer: https://mycompany.com which leads to the authorization endpoint https://mycompany.com/authorize.