dart-lang / tools

This repository is home to tooling-related Dart packages.
BSD 3-Clause "New" or "Revised" License

AuthorizationCodeGrant with PKCE should be optional #360

Open czepiec opened 3 years ago

czepiec commented 3 years ago

I think adding `code_challenge` and `code_challenge_method` to the URL query should be optionally disabled. Authorization Code Grant with PKCE is recommended, so it can be enabled by default, but the flow without PKCE is a valid OAuth2 standard.

This comes in handy if you only want to get the authorization code and send it to your APIs, which continue the OAuth2 flow (use as a web application).

amsgo commented 3 years ago

I would like to second this request. I am currently working with an API that does not properly support PKCE, so I had to create my own fork of the package to make it work. It would be handy if I could just have an optional boolean parameter to disable PKCE when constructing my AuthorizationCodeGrant.

khal-it commented 3 years ago

Agree! Had the same problem with Salesforce...

JGM-edu commented 4 months ago

I had the same issue as amsgo and khal-it with splits.io. I've opened a PR for it, here's hoping. dart-lang/oauth2#175
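
What the requested switch changes on the wire, as an added example that is not part of this thread or of the oauth2 package's code: a Python function that builds the authorization URL and includes the RFC 7636 `code_challenge` / `code_challenge_method` (S256) parameters only when PKCE is enabled. The names `build_authorization_url`, `use_pkce`, `query_of` and the endpoint and client values are hypothetical.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs


def _b64url(data: bytes) -> str:
    # RFC 7636 uses base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorization_url(endpoint, client_id, redirect_uri, state, use_pkce=True):
    """Return (url, code_verifier); code_verifier is None when PKCE is off."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    code_verifier = None
    if use_pkce:
        # 32 random bytes encode to 43 characters, the minimum verifier length.
        code_verifier = _b64url(secrets.token_bytes(32))
        params["code_challenge"] = s256_challenge(code_verifier)
        params["code_challenge_method"] = "S256"
    return f"{endpoint}?{urlencode(params)}", code_verifier


def query_of(url):
    """Parse the query string back into a dict for inspection."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue thread.
    args = ("https://auth.example.com/authorize", "demo-client",
            "https://app.example.com/callback", secrets.token_urlsafe(16))
    for flag in (True, False):
        url, verifier = build_authorization_url(*args, use_pkce=flag)
        print(flag, sorted(query_of(url)), verifier is not None)
```

With PKCE on, the returned `code_verifier` must stay with whichever party later redeems the code at the token endpoint; with PKCE off, nothing binds the code to the requester beyond `state` and the client's own credentials.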