Add PKCE support
mattmalcher opened this issue · 2 comments
Curious about the current status of this package, have a requirement to authenticate to Azure AD using Auth Code + PKCE flow which is not supported as-is.
Basically looking to understand:
- chances of someone adding pkce flow / moving this package to httr2
- chances of being able to make a pull request & have it accepted, and update the package on CRAN
From what I can tell hongooi73 has moved on from microsoft.
I can see there is a branch and issue working on implementing httr2, but the last activity is Oct 21.
It doesn't look like pull requests are being accepted #71
Is the best approach to fork?
Note I'm still around, although I've been less active recently. Do you have specific functionality in httr2 that isn't present in the current package?
Glad to hear it :) Sorry if I'm misunderstanding the question, but:
The functionality that is in httr2, that I don't believe is in the current version of AzureAuth is the ability to use the auth code + PKCE flow.
My reason for thinking this was the lack of a flag for PKCE and that I understand the current package is based on httr's OAuth implementation, which while it supports auth code, does not support auth code + pkce. (r-lib/httr#705).
Because I am required to use PKCE I am using something like the following to construct my graph requests manually:
client <- httr2::oauth_client(
id = client_id,
token_url = paste0(
"https://login.microsoftonline.com/", tenant_id, "/oauth2/v2.0/token"
)
)
httr2::req_oauth_auth_code(
req,
client = client,
auth_url = auth_url,
**pkce=TRUE**
) I have used the httr2 branch you put together successfully (thank you!), but its harder to use where I need to use it, while it remains as a branch, not in CRAN.
I guess I was hoping it might be possible to get that branch merged in, if not, no worries and thanks either way, really appreciate that this package exists and feel cheeky asking for more!