Extract code_challenge_methods_supported from discovery JSON

coreos / go-oidc

A Go OpenID Connect client.

Apache License 2.0

1.92k stars 393 forks source link

Extract code_challenge_methods_supported from discovery JSON #401

Closed mitar closed 9 months ago

mitar commented 9 months ago

By at least extracting code_challenge_methods_supported we could know if the provider supports PKCE. Then one can use oauth2.S256ChallengeOption to add challenge to the AuthCodeURL.

mitar commented 9 months ago

Oh, I can use provider.Claims to extract that:

var claims struct {
    CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
}
err := provider.Claims(&claims)
if err != nil {
    panic(err)
}
supportsPKCE := slices.Contains(claims.CodeChallengeMethodsSupported, "S256")