simple_auth icon indicating copy to clipboard operation
simple_auth copied to clipboard
verified publisher icon Clancey

Support PKCE: code_challenge is missing

Open tommed opened this issue 6 years ago • 1 comments

We have an IdentityServer4 service which when set to "Native" client mode uses PKCE (we understand this is the preferred method for code flows). PKCE uses a code hash to verify the code on the server.

When using this flow and simple_auth (and simple_auth_flutter) we get the error on our server: "code_challenge is missing".

Looking through the simple_auth code, we're thinking that it's not currently supported? Can someone confirm please? Is there a plan or a tweak to our code to provide support? Should we not be using PKCE?

tommed avatar May 30 '19 09:05 tommed

@tommed my PR was tested against Google's OAuth. Can you test my addition with your server? You will have to enable PKCE in your code, it is optional.

glachac avatar Jun 19 '19 18:06 glachac