docs(v2): add use_pkce config for GitHub auth and document OIDC nonce field#406

Merged: kodiakhq[bot] merged 1 commit into main from v2/use_pkce on May 29, 2026

Collaborator

@erka erka commented May 28, 2026

closes #403

… field

Signed-off-by: Roman Dmytrenko <rdmytrenko@gmail.com>
@erka erka requested a review from a team as a code owner May 28, 2026 21:39
Contributor

claude Bot commented May 28, 2026

PR Review

Overview

This is a small, focused docs-only PR that closes #403. It does two things:

  1. Adds the new authentication.methods.github.use_pkce config entry (introduced in v2.9.0)
  2. Updates the existing OIDC use_pkce description to mention that it enables a cryptographic nonce alongside PKCE

What looks good

  • Minimal, targeted change — exactly the right scope for a documentation fix
  • Conventional commits format (docs(v2):) is followed correctly
  • Both new and updated entries use the imperative "Enable…" pattern, consistent with the surrounding table rows
  • Version tag v2.9.0 is included for the new GitHub entry, matching the table's convention
  • Default value false is correctly documented for the GitHub entry

Suggestions

1. OIDC description clarity

The updated OIDC description reads:

Enable PKCE with a cryptographic nonce for OIDC authentication

PKCE (code verifier/challenge) and an OIDC nonce are two distinct security mechanisms. Combining them in a single sentence for a single config field (use_pkce) may confuse readers who know the difference. Consider either:

  • Keeping it simple: Enable PKCE for OIDC authentication flow (matches the GitHub entry pattern)
  • Or if this field now controls both behaviors: Enable PKCE and include a nonce for OIDC authentication (more explicit about the dual effect)

The referenced upstream PR title ("fix(authn): oauth pkce challenge for github and a correct oidc nonce") suggests the nonce behavior is tied to this option, but the docs should make that relationship clear to readers.

2. Consistency between the two descriptions

The OIDC and GitHub entries describe the same conceptual option but with different phrasing:

  • OIDC: Enable PKCE with a cryptographic nonce for OIDC authentication
  • GitHub: Enable PKCE for GitHub OAuth flow

Unless the OIDC version intentionally does something extra (the nonce), aligning these would make the table easier to scan.


No blockers

The change is correct and safe to merge as-is. The suggestions above are minor readability improvements, not required fixes.

@kodiakhq kodiakhq Bot merged commit fd71980 into main May 29, 2026
5 checks passed
@kodiakhq kodiakhq Bot deleted the v2/use_pkce branch May 29, 2026 18:50
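
The review above points out that PKCE and the OIDC nonce are two distinct mechanisms behind one `use_pkce` field. The following is an added example, not code from this PR or from the project: it shows the PKCE S256 check (RFC 7636) that the authorization server performs at the token endpoint next to the nonce check that the client performs on the ID token. All function names are assumptions, and the claims map is constructed sample data standing in for an ID token whose signature has already been verified.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// randomToken returns n random bytes, base64url-encoded without padding.
func randomToken(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// S256Challenge derives the PKCE code_challenge from a code_verifier (RFC 7636, 4.2).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyPKCE is the server-side check at the token endpoint: the verifier sent
// with the code must hash to the challenge from the authorization request.
func VerifyPKCE(challenge, verifier string) bool {
	got := S256Challenge(verifier)
	return subtle.ConstantTimeCompare([]byte(got), []byte(challenge)) == 1
}

// VerifyNonce is the client-side check on the ID token: its nonce claim must
// equal the value the client sent. A missing claim or empty nonce is rejected.
func VerifyNonce(sent string, claims map[string]any) bool {
	got, ok := claims["nonce"].(string)
	return ok && sent != "" && subtle.ConstantTimeCompare([]byte(got), []byte(sent)) == 1
}

func main() {
	verifier, nonce := randomToken(32), randomToken(16)
	challenge := S256Challenge(verifier)
	// Constructed claims standing in for a signature-verified ID token.
	claims := map[string]any{"sub": "user-1", "nonce": nonce}
	fmt.Println("PKCE, matching verifier:", VerifyPKCE(challenge, verifier))
	fmt.Println("PKCE, other verifier:   ", VerifyPKCE(challenge, randomToken(32)))
	fmt.Println("nonce, same session:    ", VerifyNonce(nonce, claims))
	fmt.Println("nonce, other session:   ", VerifyNonce(randomToken(16), claims))
}
```

PKCE binds the authorization code to the client that started the flow, while the nonce binds the ID token to one authentication request, so a description of the option can name both without treating them as the same control.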
Development

Successfully merging this pull request may close these issues.

Document: fix(authn): oauth pcke challenge for github and a correct oidc nonce