User story: Working Authorization Code flow
nbarbettini opened this issue · 4 comments
Given
- The user enters valid parameters and picks the `code` response_type
- The OIDC server is working and sends back a valid code response: http://localhost:5000/debug?code=foobar123&state=somedata987

The application should
- Display the `code` and `state` in the Callback view
- Provide a copy/paste-able POST request to the `/token` route to redeem the code for tokens
Done!
Maybe I'm asking too much, but what about implementing the rest of the flow? i.e. redeeming the authorization code for an access token (and possibly a refresh token), maybe with PKCE support...
@thomaslevesque I'm a fan of your blog! 🙂 Thanks for the suggestion.
I kept the rest of the flow out of scope, because I do not want anyone to ever share their client secrets with my debugger tool. However, PKCE would work. Captured as a feature request here: #39
I don't have much time to work on this tool these days, so I won't be able to build it right away.
> I kept the rest of the flow out of scope, because I do not want anyone to ever share their client secrets with my debugger tool.

Ah, yes, that makes sense.

> I don't have much time to work on this tool these days, so I won't be able to build it right away.

Sure, no rush 😉
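Added example, not part of the thread or the debugger's own code: a sketch of the copy/paste-able `/token` request from the user story, built with a PKCE `code_verifier` (RFC 7636, S256) instead of a client secret, as discussed in the comments. The function names, the `client_id` value and the choice of `redirect_uri` are assumptions for illustration.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlsplit, parse_qs, urlencode

def s256_challenge(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def make_pkce_pair():
    """Return (code_verifier, code_challenge); the verifier is 43 URL-safe chars."""
    verifier = secrets.token_urlsafe(32)
    return verifier, s256_challenge(verifier)

def build_token_request(callback_url, expected_state, client_id,
                        redirect_uri, code_verifier, token_path="/token"):
    """Validate the callback and return the text of the POST that redeems the code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization error: " + params["error"][0])
    code, state = params.get("code", []), params.get("state", [])
    if len(code) != 1 or len(state) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    # The state must match what was sent in the authorization request;
    # compare in constant time and refuse to build the request otherwise.
    if not hmac.compare_digest(state[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code[0],
        "redirect_uri": redirect_uri,    # must equal the one used to get the code
        "client_id": client_id,          # public identifier, not a secret
        "code_verifier": code_verifier,  # proves possession; no client_secret sent
    })
    return (f"POST {token_path} HTTP/1.1\n"
            "Content-Type: application/x-www-form-urlencoded\n\n" + body)

if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    print("code_challenge for the authorization request:", challenge)
    # Callback URL taken from the user story; client_id is a constructed value.
    print(build_token_request(
        "http://localhost:5000/debug?code=foobar123&state=somedata987",
        expected_state="somedata987", client_id="my-client-id",
        redirect_uri="http://localhost:5000/debug", code_verifier=verifier))
```

The `code_challenge` goes into the initial authorization request with `code_challenge_method=S256`; only the verifier appears in the token request.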