rhertogh
rhertogh
@ramsey @D063520 > No one is currently working on it, but we do welcome pull requests. 😃 Pull request is on it's way: #901
@aadmathijssen > PS I am trying to use the OAuth 2.0 client in a PHP CLI application that should be rolled to multiple users. To avoid having the secret copied...
@aadmathijssen My warning was based on the remarks in the opening post, mainly: >... But for PKCE, I need to supply a code_verifier instead of a client_secret parameter. > ......
> Hi, this is great! Could you provide some documentation too, then I would try it out .... To enable PKCE set the `pkceMethod` to `'S256'` or `'plain'` (Note: plain...
@jcomack > Am I correct in my assumption that this will _not_ work when using the `GenericProvider` and one will have to roll their own version that implements the `AbstractProvider`?...
@davidwindell > what is the reason `getPkceMethod()` returns null in the AbstractProvider? Not all grant types support PKCE (actually only `authorization-code` supports it). Therefore it's disabled by default (PKCE is...
@davidwindell > ... I've tested and this all works well for us. The only gotcha was realising the PKCE code needs to be stored so it can be returned afterwards,...
@shadowhand Could you approve running workflows on this PR to validate the tests.
@ramsey I've added tests for the missing code coverage parts (should be 100% now). Could you trigger a build to see the results?
@ramsey Suggestions have been committed.