Adrian_Santamaria | 2023-06-07 14:41:39 UTC | #1
Hello
I think I have discovered a mistake in the PKCE documentation.
There, it says that the app has to redirect to
https://login.mypurecloud.com/oauth/authorize?
client_id=<my-client-id>&
response_type=code&
redirect_uri=<http://example.com/oauth/callback>&
code_challenge=xxxx
However, I've tried it and it causes an invalid_request error. I think it is because the code_challenge_method parameter is missing, because if I instead use
https://login.mypurecloud.com/oauth/authorize?
client_id=<my-client-id>&
response_type=code&
redirect_uri=<http://example.com/oauth/callback>&
code_challenge=xxxx&
code_challenge_method=S256
it works fine.
As the RFC says, not including code_challenge_method implies it uses the default, plain, whereas it is using SHA256.
Could you check it, please? Thank you!
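The parameters discussed above, as an added example that is not part of the original post or of the vendor's documentation: it derives an S256 `code_challenge` per RFC 7636, builds the authorize URL with `code_challenge_method` set explicitly, and models the RFC's default-to-`plain` rule on the verifying side. The function names and the `server_verifies` model are assumptions for illustration, not the login service's actual implementation.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Endpoint as quoted in the post above.
AUTHORIZE_ENDPOINT = "https://login.mypurecloud.com/oauth/authorize"


def new_code_verifier(n_bytes=32):
    # 32 random bytes encode to 43 base64url characters, the RFC 7636 minimum.
    raw = secrets.token_bytes(n_bytes)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def s256_challenge(verifier):
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), without padding.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(client_id, redirect_uri, verifier):
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "code_challenge": s256_challenge(verifier),
        # Always state the method; never rely on the server's default.
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def server_verifies(verifier, challenge, method=None):
    # Hypothetical model of an RFC 7636 token-endpoint check (section 4.6).
    method = method or "plain"  # RFC 7636 section 4.3: absent means "plain"
    if method == "S256":
        expected = s256_challenge(verifier)
    elif method == "plain":
        expected = verifier
    else:
        raise ValueError("unsupported code_challenge_method")
    return hmac.compare_digest(expected, challenge)
```

Under the RFC default, an S256-derived challenge sent without `code_challenge_method` would be compared as `plain` and never match the verifier, which is why a client should always send the method it actually used.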
Ebenezer_Osei | 2023-06-12 20:13:28 UTC | #2
Hi,
Thank you for reporting this. I have informed the team in charge of the service. The documentation should be updated soon.
system | 2023-07-13 20:13:55 UTC | #3
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.
This post was migrated from the old Developer Forum.
ref: 20302