oidc-client-ts
How to use PKCE with code flow
For a project I need to implement OIDC with code flow and PKCE, and on this project's README it says that it is supported. But I can't find any settings for the "code_challenge" and "code_challenge_method" options, which from my understanding are needed.
How do I set them?
This library does the PKCE code flow itself. It is doing so by default. All you need to set up is documented here: https://authts.github.io/oidc-client-ts/#configuration
Basically: authority, client_id and redirect_uri
Thanks for the quick response :) It wasn't clear to me that it is doing it by itself, maybe you could add a hint somewhere in the README?
This code is handling the PKCE: https://github.com/authts/oidc-client-ts/blob/main/src/TokenClient.ts
Okay, I'm new to OIDC and PKCE, but in your code only the "code_verifier" is mentioned, shouldn't there be the "code_challenge" and "code_challenge_method" options as well?
And as a user of this package I would like to read the README/docs and have all relevant info, like that it is doing PKCE automatically, and not need to look through the code to find out that it is doing it by itself.
Would be nice if you can extend the documentation. An MR is welcome for this...
Is it possible to disable PKCE? I can't seem to find the option in code.
For Authorization Code Grant, PKCE is fundamental and cannot be disabled. For Resource Owner Password Credentials Grant it's not used. For the latter you will need to call a different function within the UserManager. However, the latter flow is not good for exposed applications within browsers...
Documentation has been improved since.
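On the question above about `code_verifier` versus `code_challenge`: under RFC 7636 the challenge and its method go in the authorization request, and the verifier goes only in the later token request. The sketch below is an added example, not code from oidc-client-ts; the function names, the `/authorize` path and the `idp.example` / `app.example` values used with it are assumptions.

```typescript
import { createHash, randomBytes } from "node:crypto";

// base64url without padding, the encoding RFC 7636 requires
const b64url = (buf: Buffer): string =>
  buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Client: a fresh high-entropy secret per authorization request (43 characters)
function newCodeVerifier(): string {
  return b64url(randomBytes(32));
}

// S256: code_challenge = BASE64URL(SHA-256(code_verifier))
function codeChallengeS256(verifier: string): string {
  return b64url(createHash("sha256").update(verifier).digest());
}

// Step 1, front channel: only the challenge and its method are sent.
// state and nonce are omitted to keep the focus on PKCE.
function authorizationUrl(authority: string, clientId: string,
                          redirectUri: string, verifier: string): string {
  const url = new URL("/authorize", authority); // endpoint path is an assumption
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "openid",
    code_challenge: codeChallengeS256(verifier),
    code_challenge_method: "S256",
  }).toString();
  return url.toString();
}

// Step 2, back channel: the verifier itself accompanies the authorization code
function tokenRequestBody(clientId: string, redirectUri: string,
                          code: string, verifier: string): string {
  return new URLSearchParams({
    grant_type: "authorization_code",
    client_id: clientId,
    redirect_uri: redirectUri,
    code,
    code_verifier: verifier,
  }).toString();
}

// Authorization server: recompute the challenge and compare it with the one
// stored when the code was issued; a stolen code without the verifier fails here
function serverAccepts(storedChallenge: string, presentedVerifier: string): boolean {
  return codeChallengeS256(presentedVerifier) === storedChallenge;
}
```
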