discord / discord-api-docs

Official Discord API Documentation
https://discord.com/developers/docs/intro

Missing documentation/mention of OAuth2 PKCE support #5254

Open MazeXP opened 2 years ago

MazeXP commented 2 years ago

Description

The OAuth2 topic of the developer documentation does not mention that PKCE is supported. Relevant comment by night that mentions PKCE support: https://github.com/discord/discord-api-docs/issues/450#issuecomment-352309951

Steps to Reproduce

View the OAuth2 topic in the documentation and search for PKCE.

Expected Behavior

It should be mentioned that PKCE is supported by Discord OAuth2, along with some information about usage of PKCE.

Current Behavior

PKCE is not mentioned at all in the OAuth2 topic.

karashiiro commented 2 years ago

Adding on to this, when this documentation is written, please note the length/format requirements for the additional parameters under section 4 of RFC 7636. Several major OAuth2 providers (GitHub, GitLab, Google, Facebook) are more permissive than the spec dictates, making Discord a bit of an exception here (in a good way).

I just spent several hours trying to figure out what {"error": "invalid_request", "error_description": "Invalid \"code_verifier\""} meant before going to the spec and realizing that code_verifier needs to be at least 43 characters. The other providers didn't seem to care.
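
Added example, not part of the thread or of Discord's documentation: a client-side check for the RFC 7636 section 4.1 `code_verifier` rules (43 to 128 characters from the unreserved set) together with the section 4.2 S256 `code_challenge` derivation, so a short verifier is caught before the token request is sent. The function names are hypothetical; only the Python standard library is used.

```python
import base64
import hashlib
import re
import secrets

# RFC 7636 section 4.1: unreserved characters are ALPHA / DIGIT / "-" / "." / "_" / "~".
_UNRESERVED = r"A-Za-z0-9\-._~"
MIN_LEN, MAX_LEN = 43, 128


def check_code_verifier(verifier: str) -> list:
    """Return the RFC 7636 section 4.1 violations found (empty list if valid)."""
    problems = []
    if len(verifier) < MIN_LEN:
        problems.append(f"too short: {len(verifier)} < {MIN_LEN} characters")
    elif len(verifier) > MAX_LEN:
        problems.append(f"too long: {len(verifier)} > {MAX_LEN} characters")
    bad = sorted(set(re.sub(f"[{_UNRESERVED}]", "", verifier)))
    if bad:
        problems.append("characters outside the unreserved set: " + " ".join(map(repr, bad)))
    return problems


def new_code_verifier(entropy_bytes: int = 32) -> str:
    """Generate a verifier; 32 random bytes encode to exactly 43 characters."""
    if not 32 <= entropy_bytes <= 96:  # 96 bytes encode to 128 characters
        raise ValueError("entropy_bytes must be between 32 and 96")
    raw = secrets.token_bytes(entropy_bytes)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), without padding."""
    problems = check_code_verifier(verifier)
    if problems:
        raise ValueError("invalid code_verifier: " + "; ".join(problems))
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    # Constructed sample: token_urlsafe(16) yields only 22 characters, below the minimum.
    short = secrets.token_urlsafe(16)
    print("short verifier:", check_code_verifier(short))
    verifier = new_code_verifier()
    print("code_verifier :", verifier)
    print("code_challenge:", s256_challenge(verifier))
```

The same `code_verifier` string must be kept for the session and sent unchanged in the token request; only the derived `code_challenge` goes in the authorization URL.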

jameshschuler commented 1 year ago

Any updates on the documentation updates for PKCE support? Thanks!

netthier commented 1 year ago

I thought this was unsupported for the longest time. At least a mention of this being supported would be useful.