truqu / elm-oauth2

OAuth 2.0 client-side utils in Elm
MIT License

IETF recommendation for SPAs: OAuth 2.0 authorization code flow with PKCE #19

Closed paulspencerwilliams closed 4 years ago

paulspencerwilliams commented 4 years ago

Having spent the last few months fumbling around OpenID Connect / OAuth2 on a variety of native and mobile apps, I've discovered the IETF now strongly recommend authorization code flow with PKCE, over implicit flow. This is specified on their website: https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-02

I've only just started learning Elm so am unable to offer a PR in the short term, but am happy to help out, and possibly offer one over the coming months.

KtorZ commented 4 years ago

Hey @paulspencerwilliams :) Thanks for the heads up! We should definitely update the README and highlight this recommendation. Not much to be done at the library-level however which already supports all 4 grants covered by OAuth 2.0!

dje commented 4 years ago

Apparently PKCE is an extension to the Authorization Code flow. It seems this library would be a place to implement that extension as well, no?

KtorZ commented 4 years ago

Sounds like a good idea indeed!

KtorZ commented 4 years ago

Done!

https://github.com/truqu/elm-oauth2/releases/tag/7.0.0

Live Demo with Auth0 here:

https://github.com/truqu/elm-oauth2/tree/master/examples/providers/auth0

paulspencerwilliams commented 4 years ago

Thank you!!