fastify-oauth2 icon indicating copy to clipboard operation
fastify-oauth2 copied to clipboard

Published 20 hours ago verified publisher icon fastify

Proof Key for Code Exchange (PKCE)

Open ilijaNL opened this issue 3 years ago • 2 comments
trafficstars

Prerequisites

  • [X] I have written a descriptive issue title
  • [X] I have searched existing issues to ensure the issue has not already been raised

Issue

Hello, i wonder how this libary is dealing with Proof Key for Code Exchange (https://oauth.net/2/pkce/). As I understand correctly and checking out the code there is a generateStateFunction and checkStateFunction which is used to compare the state object (once generated on startup). To apply PKCE, do I need to implement my own generateStateFunction & checkStateFunction or is pkce already covered?

ilijaNL avatar Aug 05 '22 04:08 ilijaNL

Thanks for asking. The simple answer is that you likely know more about oauth2 than the maintainers of this library. We use https://www.npmjs.com/package/simple-oauth2 internally.

mcollina avatar Aug 05 '22 07:08 mcollina

I noticed, I will raise a issue there. Thanks

Edit: https://github.com/lelylan/simple-oauth2/issues/399

ilijaNL avatar Aug 05 '22 10:08 ilijaNL