Implementing Authorization code flow with PKCE

Hello Devs,

I am implementing the Google Sign-In flow with PKCE, using this library and following Google’s documentation for the authorization code flow with PKCE (https://developers.google.com/identity/protocols/OAuth2InstalledApp#step1-code-verifier), and my current code looks like this:

from requests_oauthlib import OAuth2Session

client_id = '--------.apps.googleusercontent.com'
client_secret = '--------'
redirect_uri = 'https://6c5b3b6c.ngrok.io/misc/hello/'
code_challenge = 'cr7'  # value is cut off in the original post
code_challenge_method = "S256"
scope = [
    #'https://www.googleapis.com/auth/userinfo.email',
    'email',
    'openid',
    'profile'
    #'https://www.googleapis.com/auth/userinfo.profile'
]
oauth = OAuth2Session(client_id, redirect_uri=redirect_uri,
                      scope=scope)

authorization_url, state = oauth.authorization_url(
        'https://accounts.google.com/o/oauth2/auth',
        # access_type and prompt are Google specific extra
        # parameters.
        access_type="offline", prompt="select_account")
print('Please go to %s and authorize access.' % authorization_url)
# fetch_token expects the callback URL as a plain string
authorization_response = input('Enter the full callback URL: ')

token = oauth.fetch_token(
        'https://oauth2.googleapis.com/token',
        authorization_response=authorization_response,
        # Google specific extra parameter used for client
        # authentication
        client_secret=client_secret)
print(token)

But I have not found in the documentation whether it supports authorization with PKCE. I am not sure where to pass my code_challenge and code_challenge_method variables in the request above.

Issue Analytics

  • State: open
  • Created 4 years ago
  • Reactions: 1
  • Comments: 6 (1 by maintainers)

Top GitHub Comments

4 reactions
mattbaker-digital commented, Jun 17, 2020

I’ve decided to take a stab at adding this functionality to the library. I’ll create a PR when it’s ready.

0 reactions
mooreds commented, Nov 10, 2020

Thanks @mattbaker-digital!

We ended up working around this by just manually making the fetch token call. Anyone else interested can check out the PR here: https://github.com/FusionAuth/fusionauth-example-flask-portal/pull/1
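
Where the PKCE values from the question go in this flow, as an added example (not code from the issue, the linked PR or the library): the challenge is derived from a random verifier and sent with the authorization request, and the verifier itself is sent only with the token request. The client id, redirect URI and function names are assumptions made for illustration; the authorization endpoint is the one in the post.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"  # endpoint from the post


def _b64url(raw: bytes) -> str:
    # RFC 7636 uses base64url with the trailing '=' padding removed.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier(n_bytes: int = 32) -> str:
    # 32 random bytes -> 43 characters, the minimum length RFC 7636 allows.
    return _b64url(secrets.token_bytes(n_bytes))


def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(client_id, redirect_uri, scope, state, verifier):
    # Front channel: only the hash of the verifier passes through the browser.
    params = {
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": " ".join(scope), "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def token_request_body(code, client_id, redirect_uri, verifier):
    # Back channel: the verifier itself is sent when redeeming the code.
    return {
        "grant_type": "authorization_code", "code": code,
        "client_id": client_id, "redirect_uri": redirect_uri,
        "code_verifier": verifier,
    }


def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    # Authorization-server side: recompute the hash and compare in constant time.
    return hmac.compare_digest(stored_challenge, s256_challenge(presented_verifier))
```

The verifier has to be kept by the client between the two requests (for example in the user's session), because an authorization code redeemed without the matching verifier is rejected by the check in `server_accepts`.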
