Authorization Code Grant Flow with PKCE #16
Comments
Any luck with this - I am not sure how to use the access token provided as it doesn't look like a full JSON token - and the documentation seems to be quite lacking on this front - any ideas?
Hi @BenjaminWatts. Your issue may be unrelated to the lack of support of At least with Auth0, my understanding is: to get a JWT
I'm also very interested in this. Has anyone gotten this working in a reasonable way?
@zth If you have access to a high quality random number source (which afaik is not available in non-ejected expo), you can do something like this:
|
To follow up on this, for what it's worth, we decided to make use of a public endpoint that would return the verifier and challenge. We have an express endpoint serve the following. It's not great, but works for now. Most of our users only ever log in once.
|
Thank you for the responses! I ended up doing the same thing, exposing an endpoint for the challenge/verifier. I think expo is working on supporting a native crypto module that can get safe random numbers, so I'll migrate to that whenever that's available. But the endpoint is fine for now for me at least. Thanks!
Doesn't exposing an endpoint for challenge/verifier defeat the purpose of signing with PKCE?
Hi there, is there any update here? This is still an issue and it's impossible to get a refresh token with social login (Google) without using PKCE flow, and we don't have crypto module available until SDK33... :(
Expo SDK 33 has been released now and comes with https://www.npmjs.com/package/expo-random |
came up with this Expo solution based on the JavaScript example in the Auth0 Doc:
|
Hey there, I'd like to request input or discussion on using Auth0's PKCE flow that allows for a refresh token in addition to the standard id token and access token.
The standard Implicit flow works fine, as demonstrated in the example code. This flow is important in mobile applications, and an example here would be extremely valuable and helpful for those using the Expo flavor of React Native and integrating with Auth0. Their documentation makes use of the Node crypto library, which appears to be unavailable in a React Native app.