This is a small test suite to verify that Keycloak supports PKCE. There's a very brief note about it in the documentation:
Keycloak also supports the optional Proof Key for Code Exchange specification.
but no other mention.
To run the tests, do the following:
make keycloak: stands up an instance of Keycloak 4.8.3.Final on 8080make client: to create thetestrealm,test-pkceclient and a usermake pkce: to run the actual tests.
Assuming everything goes correctly, you should see the following printed:
Finished authorization code flow with PKCE
Verified that code cannot be exchanged when code verifier is invalid
Verified that code cannot be exchanged when code verifier is not present