PKCE support? | ww.wp.xz.cn

Resolved scmsteve
(@scmsteve)

6 years, 5 months ago

Is it possible to support PKCE so that mobile apps (and other cases where implicit flow may have been used) can use the full two-step auth flow but not have to store a client secret?

https://www.oauth.com/oauth2-servers/pkce/

Thanks,
Steve

Viewing 6 replies - 1 through 6 (of 6 total)

dj_angola
(@dj_angola)

5 years, 11 months ago

👍

Plugin Author Justin Greer
(@justingreerbbi)

5 years, 11 months ago

Hi,

WE have had multiple requests for this feature and have now started development to support PCKE.

As of now, PCKE will support both “plain” and “s256” challenge methods. New features will be accordance to https://tools.ietf.org/html/rfc7636. Proof Key for Code Challenge.

Thank you for your feedback and suggestions. We are expecting new features to be released in a couple of weeks at most.

pawesome
(@pawesome)

5 years, 7 months ago

Hi,

What is the status of this feature?

Thank you
Peter

Plugin Author Justin Greer
(@justingreerbbi)

5 years, 2 months ago

Just for future reference, since 4.1.7, PKCE support was added to the plugin for both “plain” and “S256” code challenge methods.

rogerthat321
(@rogerthat321)

5 years, 2 months ago

Where do you place the PKCE snippet from the documents for WP-auth?

Plugin Author Justin Greer
(@justingreerbbi)

5 years, 2 months ago

The snippets for PKCE found at https://wp-oauth.com/docs/how-to/wordpress-oauth-server-pkce-support/ are examples of how to use PKCE from a client end. PKCE support is added by default to the WordPress OAuth Server.

Depending on your client codebase, will determine how you implement the flow.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘PKCE support?’ is closed to new replies.

6 replies
5 participants
Last reply from: Justin Greer
Last activity: 5 years, 2 months ago
Status: resolved