Support for Authorization Code Flow with PKCE.
https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-00
https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-third-party-cookies-spas
I am working on an implementation in the @microsoftgraph/msgraph-sdk-javascript, which uses the @azure/identity TokenCredential feature. An example use case is that a user must be able to pass an authorizationCodeCredential for a browser app or a clientSecretCredential for a node app, basically any credential object as per the user’s requirement, to the Graph JS client and authenticate to the Graph API.
It would be convenient if we can skip using another package just to support AuthCode flow with PKCE.
Issue Analytics
- State:
- Created 3 years ago
- Comments: 8 (5 by maintainers)
Top GitHub Comments
@thewahome and @bettirosengugi for visibility. Let’s make sure that we state here in the case that we verify that SPA cannot use implicit auth with conditional access policy, and SPA must use authorization code flow + PKCE for conditional access. It may help in the prioritization of this work as it has the potential to affect many tenants + SPA scenarios.
Thank you for the feature request.
We currently have this on our backlog of features to implement. We don’t yet have a timeline for when it will be implemented, but once we do we’ll add more information to this issue.