Add PKCE support with oauthlib 3.2.0

requests / requests-oauthlib

OAuthlib support for Python-Requests!

https://requests-oauthlib.readthedocs.org/

ISC License

1.72k stars 424 forks source link

Add PKCE support with oauthlib 3.2.0 #497

Closed JonathanHuot closed 7 months ago

JonathanHuot commented 2 years ago

Since oauthlib 3.2.0 now supports PKCE for Clients (https://github.com/oauthlib/oauthlib/releases/tag/v3.2.0), this PR proposes a first implementation . Any feedbacks are welcome, I'm not sure it is production ready yet.

Change from: session = OAuth2Session(client_id) to session = OAuth2Session(app.client_id, pkce="S256")

And be sure to reuse the same session for fetch_token, as it will need to remember code_verifier. It is not really practical beyond PoC, so any suggestions are welcome.

coveralls commented 7 months ago

coverage: 90.406% (-0.2%) from 90.584% when pulling 596beb59c47849c1c9da427370faf3a62fa2be19 on pkce into 424adf0d7906828ccf91fb2b228c3480cec91054 on master.