Authentication with PKCE #4897
Labels:
- enhancement: New feature or request
- help wanted: Community contributions are especially encouraged for these issues.
- triaged: Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Is your feature request related to a problem? Please describe.
The current authentication methods in OpenSearch Dashboard do not support PKCE, which is required by our OAuth2 provider. This limitation prevents us from securely authenticating users and integrating with our existing authentication infrastructure.
Describe the solution you'd like
I would like to see the implementation of PKCE (Proof Key for Code Exchange) authentication in OpenSearch Dashboard to comply with our OAuth2 provider's requirements. This would enhance security and allow seamless integration.
Describe alternatives you've considered
Currently, we have considered using other authentication methods, such as standard OAuth2 flows without PKCE, but these do not meet our security standards. We have also explored alternative dashboards, but we prefer to continue using OpenSearch Dashboard if possible.
Additional context
Implementing PKCE would align OpenSearch Dashboard with modern security practices and improve user experience. Documentation or examples of PKCE implementation in similar tools could also be beneficial.
I would add that PKCE becomes mandatory with OAuth 2.1. See https://erkanyasun.medium.com/oauth-2-1-vs-oauth-2-0-a-detailed-tutorial-882b7cc7bd23 for example.