restsharp / RestSharp

Simple REST and HTTP API Client for .NET
https://restsharp.dev
Apache License 2.0
9.64k stars 2.34k forks source link

OAuth2 with PKCE web flow authentication Authenticator #2001

Open uddhavchopade opened 1 year ago

uddhavchopade commented 1 year ago

Please try to add OAuth2 with PKCE web flow Authentication in our Authenticators

alexeyzimarev commented 1 year ago

RestSharp doesn't have explicit support for any OAuth2 flow due to major differences in implementation between API vendors. If people start producing sample implementations for different OAuth2 scenarios, it might be possible to make a generic implementation of it.

kalllol-1 commented 1 year ago

@alexeyzimarev This flow is considered best practice when using Single Page Apps (SPA) or Mobile Apps. Please note that you should be able to implement a vendor-agnostic OIDC flow using /.well-known/openid-configuration. https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest We live in a world of ZERO Trust and it is irresponsible approach to support only confidential oauth2 client credentials flow from a popular component like RestSharp!

alexeyzimarev commented 1 year ago

Like I said, someone should do it. If there a commercial interest to do it, it's possible to open a mid-size bounty for this feature.