dart-lang
Optionally remove secret from get token request
Microsoft identity platform's authentication flow for native & single page apps requires that the post request to get an access token has no client secret in it (See the client_secret description in the table of this section in the documentation).
For this reason, I have implemented an optional parameter for AuthorizationCodeGrant.handleAuthorizationResponse (and in turn, the _handleAuthorizationCode method aswell) to control whether the client secret should be included in this post request.
- [✓] I’ve reviewed the contributor guide and applied the relevant portions to this PR.
Contribution guidelines:
- See our contributor guide for general expectations for PRs.
- Larger or significant changes should be discussed in an issue before creating a PR.
- Contributions to our repos should follow the Dart style guide and use
dart format. - Most changes should add an entry to the changelog and may need to rev the pubspec package version.
- Changes to packages require corresponding tests.
Note that many Dart repos have a weekly cadence for reviewing PRs - please allow for some latency before initial review feedback.
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
View this failed invocation of the CLA check for more information.
For the most up to date status, view the checks section at the bottom of the pull request.
![google-cla[bot] avatar](https://avatars.githubusercontent.com/in/42202?v=4 "Published by a pub.dev verified publisher"){kind=small}
As this repo has moved to https://github.com/dart-lang/tools/tree/main/pkgs/oauth2, please refile the PR there. Thanks!
