Require PKCE

packages/core/src/index.ts

@@ -9,16 +9,17 @@ const app = new Koa();
 const PORT = 3000;
 
 const oidc = new Provider(`http://localhost:${PORT}/oidc`, {
-  pkce: {
-    methods: ['S256'],
-    required: () => false,
+  cookies: {
+    // V2: Rotate this when necessary
+    // https://github.com/panva/node-oidc-provider/blob/main/docs/README.md#cookieskeys
+    keys: ['LOGTOSEKRIT1'],
   },
   clients: [
     {
       client_id: 'foo',
-      client_secret: 'bar',
       redirect_uris: ['http://localhost:3000/callback'],
-      grant_types: ['authorization_code'],
+      grant_types: ['authorization_code', 'refresh_token'],
+      token_endpoint_auth_method: 'none',
     },
   ],
   findAccount: (ctx, sub) => {