AuthorizationCodeGrant with PKCE should be optional #114
Comments
|
I would like to second on this request. I am currently working with an API that does not properly support PKCE, so I had to create my own fork of the package to make it work. I would be handy, if I could just have an optional boolean parameter to disable PKCE when constructing my AuthorizationCodeGrant. |
|
Agree! Had the same problem with Salesforce... |
|
I had the same issue as amsgo and khal-it with splits.io. I've opened a PR for it, here's hoping. #175 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I think adding code_challenge and code_challenge_method to the URL query should be optionally disabled. Authorization Code Grant with PKCE is recommended so that it can be enabled by default, but the flow without the PKCE is a valid OAuth2 standard.
This comes in handy if you only want to get the authorization code and send it to your APIs, which continue the OAuth2 flow (use as a web application).
The text was updated successfully, but these errors were encountered: