survirtual
How can we use Adal with PKCE?
According to the new guidelines (https://oauth.net/2/grant-types/implicit/), the implicit flow should be secured with PKCE. I made some research and this would mean two calls: https://login.microsoftonline.com/tenant_id/outh2/authorize endpoint by passing code_challenge along with other parameters in the body and gets the authorization code. And use that code and make a call to https://login.microsoftonline.com/tenant_id/outh2/token endpoint by passing code_verifier along with other parameters in the body and gets the token.
How can this be achieved with Adal in vue.js?
Adal JS doesn't have PKCE support, so you'd need to do it yourself. It's pretty easy to implement, just generate a random 32 bytes with Crypto.getRandomValues() and add that to the code_challenge on a post call to the authorize endpoint. Then, use the same value for the code_verifier and it should be good to go.
I'm not maintaining this lib anymore, not sure what to do with it since it could still be useful to people, so I don't think I'll be implementing this here.
