Feature Request FR-3397
Product Area Security
Status ROADMAP

19 Voters

Authentication Enhancement: add Generic OAuth2 Provider with (PKCE)

rammaha.gaith Public
· Sep 27 2023

Idea Summary

Introduce a new authentication option, "Generic OAuth2 Provider with (PKCE)", to Oracle APEX. This would enhance the security measures for applications, especially when considering public clients such as mobile or native applications. The PKCE (Proof Key for Code Exchange) extension provides an extra layer of security to prevent potential interception attacks during the authorization code exchange process.  

Use Case
Mobile and Native Applications: For developers building applications that run on mobile or native platforms, using the PKCE extension becomes essential. These platforms are considered public clients where the tokens are more prone to interception.

Modern Web Applications: Web applications that prioritize advanced security protocols will benefit from the PKCE extension, ensuring the prevention of authorization code interception.

Developers Seeking Advanced OAuth2 Options: For developers looking for a finer granularity of control and more advanced options in their OAuth2 implementation, this feature will cater to their needs.

Preferred Solution

Integration with Oracle APEX: The new authentication scheme would be integrated into Oracle APEX's existing framework. Under the Authentication Types dropdown, a new option, "Generic OAuth2 Provider with (PKCE)", would be introduced.

Code Challenge Method Option: Once the new authentication type is selected, developers should have the ability to select their preferred Code Challenge Method. This can be achieved through a dropdown menu offering two choices:

S256
Plain

Documentation and Guidance: Along with the implementation, it would be beneficial to provide comprehensive documentation and best practice guidance to ensure developers are well-equipped to use the new feature effectively.
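As an added illustration of the S256 versus plain choice requested above (example code, not part of this request or of Oracle APEX), the following Python models both sides of the PKCE exchange from RFC 7636: the client derives a code_challenge for the authorization request, and the authorization server recomputes it from the code_verifier presented at the token endpoint. The verifier alphabet and length rules come from the RFC; the function names are assumptions.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 unreserved characters, 43..128 of them
VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Client side: 32 random bytes -> 43-char verifier (the RFC minimum length)."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str, method: str) -> str:
    """Client side: derive the code_challenge sent in the authorization request."""
    if method == "S256":
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier  # challenge equals verifier: the request reveals the secret
    raise ValueError(f"unsupported code_challenge_method: {method}")


def verify_code_exchange(stored_challenge: str, stored_method: str,
                         presented_verifier: str) -> bool:
    """Authorization server side, at the token endpoint: recompute the challenge
    from the presented code_verifier and compare it with the challenge stored
    alongside the authorization code when it was issued."""
    if not VERIFIER_RE.fullmatch(presented_verifier):
        return False  # malformed verifier: reject before hashing
    expected = make_code_challenge(presented_verifier, stored_method)
    return hmac.compare_digest(expected.encode("ascii"), stored_challenge.encode("ascii"))


def observer_can_redeem_code(method: str) -> bool:
    """Threat model named in the idea text: a party that sees the authorization
    request (hence code_challenge and the method) and the returned code, but not
    the verifier held by the legitimate client. Returns whether the visible
    challenge alone passes verification; this is why S256 should be the default."""
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier, method)   # visible in the request URL
    return verify_code_exchange(challenge, method, challenge)
```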

This is currently on the roadmap for a future release of Oracle APEX.

Comments

  • sevves OP 1.6 years ago

    When is it planned to integrate this? Some OAuth2 providers are threatening to require PKCE in future.