PKCE Verifier in auth code exchange
karllhughes opened this issue · 0 comments
karllhughes commented
I noticed while setting up FusionAuth with a client-side only application that I don't believe this library supports the PKCE flow outlined here: https://fusionauth.io/learn/expert-advice/oauth/definitive-guide-to-oauth-2#52-code-flow--pkce
I think the exchangeOAuthCodeForAccessToken()
method in the FusionAuthClient should have a parameter for the code verifier in order to support this flow.
Let me know if I'm missing something, thanks!