PKCE is enabled so don't have client_secret- value but this library gives Null pointer exception in this case.

openid / AppAuth-Android

Android client SDK for communicating with OAuth 2.0 and OpenID Connect providers.

https://openid.github.io/AppAuth-Android

Apache License 2.0

2.83k stars 883 forks source link

PKCE is enabled so don't have client_secret- value but this library gives Null pointer exception in this case. #1063

Open RaginiSingh opened 4 months ago

RaginiSingh commented 4 months ago

Hello,

I have implemented project having PKCE enabled. In this case, we don't have CLIENT_SECRET value. This library does not works without CLIENT_SECRET value. It gives Null Pointer exception. How to use this library without CLIENT_SECRET key.

It's mentioned in readme doc that use of client_secter is dangerous but it does not works without this.

achakra21 commented 4 months ago

Are you able to solve this ..

dIeGoLi commented 1 month ago

I am using this library with PKCE and without a client secret and it works without a problem.

Using a client Secret in a installed/deployed App is not dangerous but senseless because anyone could read the client secret from the deployed package. Using PKCE is recommended in this case.