rectifyer
commented
2 years ago I enabled PKCE on https://staging.trakt.tv, please try it out there and let me know if it is working as expected.
Closed Axort closed 1 year ago
rectifyer
commented
2 years ago I enabled PKCE on https://staging.trakt.tv, please try it out there and let me know if it is working as expected.
Axort
commented
1 year ago Sorry, went silent for a while. I'll look into it as soon as I can, do you have some API documentation for staging?
rectifyer
commented
1 year ago Support for PKCE was added to the live API several months ago, just closing up this issue.
kdb13
commented
6 months ago Can anyone please tell where in the API docs the PKCE flow is mentioned? I am developing a CLI and would like to use this flow.
kdb13
commented
6 months ago Can anyone please tell where in the API docs the PKCE flow is mentioned? I am developing a CLI and would like to use this flow.
Just found that using the code_challenge and code_verifier params instead of client_secret works with the /oauth/authorize endpoint. But I think, it should still be mentioned in the API docs with a dedicated section under Authentication for PKCE.
kdb13
commented
6 months ago While PKCE works with the normal OAuth flow, I would like to know if it works with the Devices flow as well, which generates device codes and then asks for the access token.
kdb13
commented
6 months ago While PKCE works with the normal OAuth flow, I would like to know if it works with the Devices flow as well, which generates device codes and then asks for the access token.
Never mind. PKCE works with device flow as well.
Is there a plan to implement PKCE flow for oauth?