
Using library with redirect

Open nigeltiany opened this issue 4 years ago • 11 comments

This library is not friendly to code authorization flow with browser redirect. This might have been possible when this issue was first raised https://github.com/dart-lang/oauth2/issues/39 but with the introduction of PKCE, the code verifier will not pass when a new Grant object is created.

Not an OAuth pro but maybe the library could make the _State class public with other helper methods such as toJson and fromJson. It can also contain fields such as code_verifier, code_challenge_method, and state. Clients that cannot open a popup or persist state after redirecting can persist _State then call AuthorizationCodeGrant.FromState and resume the code flow.

Or maybe have a way to have repeatable code_challenges by using the state and UUID.v5.

https://github.com/dart-lang/oauth2/blob/d60da4dc391b807a3adb319de6d6493cb36d6760/lib/src/authorization_code_grant.dart#L344

nigeltiany, Sep 09 '20 07:09
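The persist-and-resume idea from the issue above, as an added example that is not part of the original post and not code from package:oauth2: the PKCE `code_verifier` and `state` are serialized before the redirect and restored afterwards. The `PendingAuth` class, its field names, and the sample callback URL are hypothetical, and `package:crypto` is assumed as a dependency.

```dart
import 'dart:convert';
import 'dart:math';
import 'package:crypto/crypto.dart';

// Random URL-safe token; 32 bytes gives a 43-character PKCE verifier.
String _randomToken(int bytes) {
  final rng = Random.secure();
  final raw = List<int>.generate(bytes, (_) => rng.nextInt(256));
  return base64Url.encode(raw).replaceAll('=', '');
}

/// S256 challenge per RFC 7636: BASE64URL(SHA256(ASCII(code_verifier))).
String s256Challenge(String verifier) => base64Url
    .encode(sha256.convert(ascii.encode(verifier)).bytes)
    .replaceAll('=', '');

/// Hypothetical holder for what must survive the browser redirect.
class PendingAuth {
  PendingAuth(this.state, this.codeVerifier);
  // The verifier is random and stored, not derived from state: state
  // travels in the redirect URL, so it cannot serve as the secret.
  factory PendingAuth.create() =>
      PendingAuth(_randomToken(16), _randomToken(32));
  factory PendingAuth.fromJson(String s) {
    final m = jsonDecode(s) as Map<String, dynamic>;
    return PendingAuth(m['state'] as String, m['code_verifier'] as String);
  }
  final String state;
  final String codeVerifier;
  String toJson() =>
      jsonEncode({'state': state, 'code_verifier': codeVerifier});
  /// True only if the redirect carries the state that was stored.
  bool matches(Uri redirect) => redirect.queryParameters['state'] == state;
}

void main() {
  // Before the redirect: persist the record, send only the challenge.
  final pending = PendingAuth.create();
  final stored = pending.toJson(); // e.g. written to session storage
  final challenge = s256Challenge(pending.codeVerifier);
  // After the redirect (constructed sample URL): restore and check state.
  final redirect = Uri.parse(
      'https://app.example/callback?code=abc&state=${pending.state}');
  final restored = PendingAuth.fromJson(stored);
  if (!restored.matches(redirect)) throw StateError('state mismatch');
  // The restored verifier must reproduce the challenge sent earlier.
  if (s256Challenge(restored.codeVerifier) != challenge) {
    throw StateError('verifier does not match challenge');
  }
  print('restored verifier matches the challenge sent before redirect');
}
```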