Closed: n2ygk closed this 1 month ago
@s1monj the testapp2 screenshot shows a client secret. Are you sure it's blank?
@n2ygk ahhhhh can't believe I didn't try that! That was all I needed thanks! I guess because the Client Secret is auto-populated by the UI, I was in the mindset that every app has a client secret, and it's just up to the "Client type" to determine if the client must send it or not. I never thought of saving a blank secret, and now it makes total sense. Really appreciate your help with this!
Phew. Glad that's all it was.
I'm trying to achieve an Authorization Code with PKCE flow and public client for a Single Page web App (that can't keep a client_secret safe). I am using the latest release 2.4.0 but having the same issue described above.
Client type = Public
Grant type = Authorization code
and Algorithm = RSA 256 (because I'm using OIDC) - screenshot below
PKCE_REQUIRED true and false
@n2ygk do you (or anyone else) have any ideas as to what I might be doing wrong?
Originally posted by @s1monj in https://github.com/jazzband/django-oauth-toolkit/issues/1092#issuecomment-2125615245