Added code verifier as a parameter. #18
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
{ | ||
"uri": "/oauth2/token", | ||
"comments": [ | ||
"Exchanges an OAuth authorization code for an access token.", | ||
"If you will be using the Authorization Code grant, you will make a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token." | ||
], | ||
"method": "post", | ||
"methodName": "exchangeOAuthCodeForAccessToken", | ||
Generally, this is the same as the file name, or is this intentionally overloading the method w/ an additional parameter? If so, that is ok, but we will need to ensure it doesn't break other client libs. Not all of them have the same naming rules that Java has, so you'll want to run a build of all client libs with this and see if they tolerate this or if they fail indicating they have duplicate signatures.
Happy to go with convention and avoid overloading issues. |
||
"successResponse": "AccessToken", | ||
"errorResponse": "OAuthError", | ||
"anonymous": true, | ||
"params": [ | ||
{ | ||
"name": "code", | ||
"comments": [ | ||
"The authorization code returned on the /oauth2/authorize response." | ||
], | ||
"type": "form", | ||
"javaType": "String" | ||
}, | ||
{ | ||
"name": "client_id", | ||
"comments": [ | ||
"(Optional) The unique client identifier. The client Id is the Id of the FusionAuth Application in which you you are attempting to authenticate. This parameter is optional when the Authorization header is provided." | ||
], | ||
"type": "form", | ||
"javaType": "String" | ||
}, | ||
{ | ||
"name": "client_secret", | ||
"comments": [ | ||
"(Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header." | ||
], | ||
"type": "form", | ||
"javaType": "String" | ||
}, | ||
{ | ||
"name": "grant_type", | ||
"comments": [ | ||
"The grant type to be used. This value must be set to authorization_code" | ||
], | ||
"type": "form", | ||
"javaType": "String", | ||
"constant": true, | ||
"value": "authorization_code" | ||
}, | ||
{ | ||
"name": "redirect_uri", | ||
"comments": [ | ||
"The URI to redirect to upon a successful request." | ||
], | ||
"type": "form", | ||
"javaType": "String" | ||
}, | ||
{ | ||
"name": "code_verifier", | ||
"comments": [ | ||
"The random string you generated previously if you are using PKCE. Will be compared with the code_challenge you sent previously, which allows the OAuth provider to authenticate your app." | ||
This may need to be split up into separate lines to ensure formatting comes out ok.
Your description is actually fine... but the "if you are using PKCE" threw me. Not sure why you would use this method if you aren't using PKCE? Unless we want to eventually deprecate the other method and use this one regardless of if the user is making the request with PKCE.
Removed 'if you are using pkce' |
||
], | ||
"type": "form", | ||
"javaType": "String" | ||
} | ||
] | ||
} |
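Review bot: In the code_verifier parameter's comment, "which allows the OAuth provider to authenticate your app" overstates what PKCE provides. The verifier shows that the token request comes from the same party that sent the code_challenge on the authorize request; it does not authenticate the client the way client_secret does. Suggest wording along the lines of "The code verifier generated for the authorize request. The server checks it against the code_challenge sent there." Two smaller documentation points in the same hunk: the redirect_uri comment ("The URI to redirect to upon a successful request.") reads like the authorize endpoint's description, whereas in the authorization code grant defined by RFC 6749 the token endpoint issues no redirect and only checks this value against the redirect_uri from the authorize request, so the wording is worth confirming against the API docs; and the client_id comment has a doubled word ("in which you you are attempting").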
Should we update this to indicate this version of the API takes the code_verifier for PKCE?
Yup, good catch.