office-js had a major flaw for authorization code grant types,
it didn't send the correct payload for a token exchange
currently this fixes it by sending a correct application/x-www-form-urlencoded
request and also made it possible to configure PKCE by utilizing CryptoJS
Edit: after that I will probably take a look at refresh tokens, and might implement them as well. So that users won't need to re-login like they need in a setup with implicit flow
msftclas
commented
5 years ago
office-js had a major flaw for authorization code grant types, it didn't send the correct payload for a token exchange currently this fixes it by sending a correct application/x-www-form-urlencoded request and also made it possible to configure PKCE by utilizing CryptoJS
Edit: after that I will probably take a look at refresh tokens, and might implement them as well. So that users won't need to re-login like they need in a setup with implicit flow