
use Flow.authorizationCodeWithPKCE for browser based clients #108

Status: Open. pitabwire wants to merge 1 commit into base: master

Conversation

pitabwire

PR to resolve: #91

@pitabwire (Author)

@rbellens I didn't handle backwards incompatibility with this change, though I can incorporate any improvements deemed fit.

@alex27riva

Hi, I'm developing a Flutter web app using openid_client with OAuth2 authentication with PKCE. As I understand it, the library uses the Implicit Flow; does this PR fix this?
Also, do you have some examples of how to use it?
Thanks

@wagnervf

I'm in the same situation; I need PKCE authentication. Does anyone know how to do it?

@RousseauRemi commented Nov 25, 2024

I am not a long-time Flutter dev, but you should maybe keep the possibility to do the implicit workflow, using something like this (and add an example, at least in the Flutter example, for app and web):


```dart
import 'dart:html' show window;

import 'package:openid_client/openid_client.dart';

/// Options common to every flow; each flow type adds only what it supports.
abstract class OIClientFlowConfig {
  Iterable<String> get scopes;
  String? get prompt;
}

class ImplicitOIClientFlowConfig implements OIClientFlowConfig {
  ImplicitOIClientFlowConfig(
      {this.scopes = const [], this.prompt, this.device});

  @override
  final Iterable<String> scopes;
  @override
  final String? prompt;
  final String? device;
}

class PKCEOIClientFlowConfig implements OIClientFlowConfig {
  PKCEOIClientFlowConfig(
      {this.scopes = const [],
      this.prompt,
      this.codeVerifier,
      this.additionalParameters});

  @override
  final Iterable<String> scopes;
  @override
  final String? prompt;

  /// Pass an existing verifier only when resuming a flow after the redirect;
  /// leave it null to let the library generate a fresh one.
  final String? codeVerifier;
  final Map<String, String>? additionalParameters;
}

class Authenticator {
  Authenticator(Client client, {required OIClientFlowConfig config})
      : this._(_createFlow(client, config));

  Authenticator._(this.flow);

  final Flow flow;

  // The config subtype selects the flow, so no separate FlowType argument
  // (and no unchecked cast) is needed.
  static Flow _createFlow(Client client, OIClientFlowConfig config) {
    // The callback lands on the current page, minus any fragment.
    final redirectUri = Uri.parse(window.location.href).removeFragment();
    // State saved before the redirect; it must match on the way back.
    final state = window.localStorage['openid_client:state'];

    if (config is ImplicitOIClientFlowConfig) {
      return Flow.implicit(client,
          device: config.device, state: state, prompt: config.prompt)
        ..scopes.addAll(config.scopes)
        ..redirectUri = redirectUri;
    }
    if (config is PKCEOIClientFlowConfig) {
      // Constructor name as in this PR's title.
      return Flow.authorizationCodeWithPKCE(client,
          codeVerifier: config.codeVerifier,
          additionalParameters: config.additionalParameters)
        ..scopes.addAll(config.scopes)
        ..redirectUri = redirectUri;
    }
    throw UnsupportedError('Unknown flow config: ${config.runtimeType}');
  }
}
```

@RousseauRemi

And what is done currently is only a part of the authentication code flow with PKCE: here you get the authentication code, but you don't get the access token.
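
As an added example (not part of this PR, nor code from openid_client), here is the whole authorization-code-with-PKCE exchange (RFC 7636) in plain Dart, so the step the snippet above stops at, trading the code for tokens at the token endpoint, is visible. The authorization-server side is included only to show what the verifier buys: a code intercepted without its verifier cannot be redeemed. It assumes `package:crypto` for SHA-256; the endpoint URLs, client id, state and authorization code are constructed values, and no network request is made.

```dart
import 'dart:convert';
import 'dart:math';

import 'package:crypto/crypto.dart' show sha256; // assumption: pub package "crypto"

/// Unpadded base64url, as RFC 7636 requires for both verifier and challenge.
String b64url(List<int> bytes) => base64Url.encode(bytes).replaceAll('=', '');

/// S256 challenge: BASE64URL(SHA256(ASCII(verifier))).
String challengeFor(String verifier) =>
    b64url(sha256.convert(ascii.encode(verifier)).bytes);

/// 32 random bytes give a 43-character verifier, the RFC minimum length.
String newVerifier([Random? rng]) {
  final r = rng ?? Random.secure();
  return b64url(List<int>.generate(32, (_) => r.nextInt(256)));
}

/// Step 1 (client): the authorization request. Only the challenge is sent;
/// the verifier stays in the browser (e.g. sessionStorage) until the callback.
Uri authorizationRequest(Uri authorizationEndpoint,
    {required String clientId,
    required Uri redirectUri,
    required String state,
    required String verifier,
    Iterable<String> scopes = const ['openid']}) {
  return authorizationEndpoint.replace(queryParameters: {
    ...authorizationEndpoint.queryParameters,
    'response_type': 'code',
    'client_id': clientId,
    'redirect_uri': redirectUri.toString(),
    'scope': scopes.join(' '),
    'state': state,
    'code_challenge': challengeFor(verifier),
    'code_challenge_method': 'S256',
  });
}

/// Step 2 (client): after the redirect, check state first, then build the
/// form body to POST to the token endpoint. This is the missing step.
Map<String, String> tokenRequestBody(Map<String, String> callbackQuery,
    {required String expectedState,
    required String clientId,
    required Uri redirectUri,
    required String verifier}) {
  if (callbackQuery['state'] != expectedState) {
    throw StateError('state mismatch: response is not for this request');
  }
  final code = callbackQuery['code'];
  if (code == null) {
    throw StateError('no code in response: ${callbackQuery['error'] ?? 'unknown'}');
  }
  return {
    'grant_type': 'authorization_code',
    'code': code,
    'redirect_uri': redirectUri.toString(),
    'client_id': clientId,
    'code_verifier': verifier,
  };
}

/// Step 3 (server): on /token, recompute the challenge from the presented
/// verifier and compare it with the one bound to the code at step 1.
bool serverAcceptsVerifier(String storedChallenge, String presentedVerifier) =>
    challengeFor(presentedVerifier) == storedChallenge;

void check(bool ok, String what) {
  if (!ok) throw StateError('check failed: $what');
}

void main() {
  // RFC 7636 Appendix B test vector.
  check(
      challengeFor('dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') ==
          'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM',
      'S256 test vector');

  // Constructed values; nothing below touches the network.
  final verifier = newVerifier();
  const state = 'constructed-state-4f2a';
  final redirect = Uri.parse('https://app.example/callback');
  final authUri = authorizationRequest(Uri.parse('https://issuer.example/authorize'),
      clientId: 'spa-client', redirectUri: redirect, state: state, verifier: verifier);
  print('GET $authUri');

  // The issuer redirects back with a (constructed) code bound to our challenge.
  final callback =
      Uri.parse('$redirect?code=SplxlOBeZQQYbYS6WxSbIA&state=$state').queryParameters;
  final body = tokenRequestBody(callback,
      expectedState: state, clientId: 'spa-client', redirectUri: redirect, verifier: verifier);
  print('POST https://issuer.example/token $body');

  final stored = challengeFor(verifier);
  check(serverAcceptsVerifier(stored, verifier), 'genuine verifier accepted');
  // Someone who captured the code but not the verifier cannot redeem it.
  check(!serverAcceptsVerifier(stored, newVerifier()), 'stolen code rejected');

  // A callback carrying a foreign state is dropped before any token request.
  var rejected = false;
  try {
    tokenRequestBody({'code': 'x', 'state': 'other'},
        expectedState: state, clientId: 'spa-client', redirectUri: redirect, verifier: verifier);
  } on StateError {
    rejected = true;
  }
  check(rejected, 'state mismatch rejected');
}
```

In a browser client the verifier and state have to survive the redirect, so they are written to storage before navigating to `authUri` and read back in the callback; the library wrapper in the snippet above does that for `state` via `window.localStorage`, and the same is needed for the verifier so the token request at step 2 can be completed.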

Successfully merging this pull request may close these issues.

[Question] - Authenticator for authorization code
4 participants