diff --git a/embedx/config.schema.json b/embedx/config.schema.json index b7f0c468a963..119ed3766fce 100644 --- a/embedx/config.schema.json +++ b/embedx/config.schema.json @@ -567,6 +567,13 @@ "enum": ["id_token", "userinfo"], "default": "id_token", "examples": ["id_token", "userinfo"] + }, + "pkce": { + "title": "Proof Key for Code Exchange", + "description": "PKCE controls if the OpenID Connect OAuth2 flow should use PKCE (Proof Key for Code Exchange). IMPORTANT: If you set this to `force`, you must whitelist a different return URL for your OAuth2 client in the provider's configuration. Instead of /self-service/methods/oidc/callback/, you must use /self-service/methods/oidc/callback", + "type": "string", + "enum": ["auto", "never", "force"], + "default": "auto" } }, "additionalProperties": false,