Hi, does this api use Authorization Code Flow with Proof Key of Exchange? - Githubissues

drudge / passport-facebook-token

Passport strategy for authenticating with Facebook access tokens using the OAuth 2.0 API.

MIT License

390 stars 80 forks source link

Hi, does this api use Authorization Code Flow with Proof Key of Exchange? #93

Closed KaizenTamashi closed 4 years ago

KaizenTamashi commented 4 years ago

Question

Hi, does this api use Authorization Code Flow with Proof Key of Exchange?

ghaiklor commented 4 years ago

You mean this one - https://github.com/drudge/passport-facebook-token/blob/master/src/index.js#L102 ?

KaizenTamashi commented 4 years ago

Hi @ghaiklor , i would like to know if passport-facebook-token uses the "Authorization Code Flow with Proof Key of Exchange" code verifier, code challenge. https://auth0.com/docs/flows/concepts/auth-code-pkce

ghaiklor commented 4 years ago

@1kvnlee we don't use Auth0 at all and I'm not recall that we were implementing it ourselves. Moreover, it seems like you do not understand the purpose of this package. We design it to fetch the profile information if you already have a token, not for obtaining one.

KaizenTamashi commented 4 years ago

@ghaiklor Thanks you are right. I think I should check the react native fbsdk since it is the one issuing the access token.