Closed noxify closed 6 months ago
Is it possible to use confidential client instead?
thanks for the quick reply.
Is it possible to use confidential client instead?
Have to check this - thanks for the hint.
Checked it - Unfortunately I can't use the confidential client in this case, because the shown code is not hosted on a server - it's running locally. ( currently working on a POC at work which uses lucia, here I can use the confidential client and I do not have the problem )
what's the usecase for this:
We have an api which supports the authorization code flow and client credentials flow. We mentioned that postman disabled the option to set the headers for the token request if you're not signed in.
Based on this, we created a this script to give the user the option to generate the access token which can be used later in the api request.
While writing the usecase, I realized that this could be an edge case and using an other api client to test the api locally via the authorization code flow could solve the problem 🙈
Feel free to close this issue, if you do not plan to support headers for the authorization code flow.
Makes sense. All the providers here are mostly for the server. I guess this is expected behavior but feel free to create a new feature request for an Entra Provider for public clients
Hi,
while testing the library with entra id, I got the following error while trying to get the tokens:
Would it make sense the add a additional option to the
validateAuthorizationCode
method to set the required headers?My current workaround is to create my own token request.
Not sure if this is a problem with all providers, but based on what I have seen, it seems that EntraID needs the
origin
header in the token request if we use a "public client".Not sure if it helps, but here the code which I have used to test it. ( used hono via
npm create hono@latest
and updated thesrc/index.ts
with the code below )