It appears that Kick uses OAuth 2.1, which requires PKCE for the authorization flow. I was encountering errors until I enabled it. It seems we are missing protected $usesPKCE = true; in the Provider class. Adding this fixed the issue for me.

It appears that Kick uses OAuth 2.1, which requires PKCE for the authorization flow. I was encountering errors until I enabled it. It seems we are missing protected $usesPKCE= true; in the Provider class. Adding this fixed the issue for me.

Thanks for pointing this out 👍

You’re absolutely right — Kick follows OAuth 2.1 and requires PKCE for the authorization flow.

I’ve updated the Provider class.

With this change in place, the authorization flow now works correctly.

Appreciate you catching this and sharing the fix!