Hue OAuth2.0/OIDC code_challenge missing

We have successfully tested SSO within Cloudera Hue 4.11.0 with both Auth0 and KeyCloak using OpenID Connect. Now, we are trying to get it working with one of our in-house IDP systems for production. However, it’s failing there with an “Invalid Request” error. The logs mention that a parameter called “code_challenge” is missing. A quick Google search mentioned that the authorization server looks for this parameter when it needs a client to use PKCE.

Does anyone know how to get past this error and get SSO working?


We got it working after the IDP Admin disabled PKCE for our application.