nylas/nylas-python

url_for_oauth2_pkce and exchange_code_for_token with code_verifier is producing code verifier challenge failed

Closed this issue · 2 comments

url_for_oauth2_pkce and exchange_code_for_token with code_verifier is producing "Code verifier challenge failed".
I'm storing the plain secret from url_for_oauth2_pkce for later use.

Also I'm not sure if the function https://github.com/nylas/nylas-python/blob/v6.0.0-beta/nylas/resources/auth.py#L24-L26
is correct.

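import base64
import hashlib
# v6.0.0-beta behaviour: standard base64 of the raw SHA-256 digest, '=' padding kept
def _hash_pkce_secret(secret: str) -> str:
    sha256_hash = hashlib.sha256(secret.encode()).digest()
    return base64.b64encode(sha256_hash).decode()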

I tested it against the Nylas documentation https://developer.nylas.com/docs/developer-guide/v3-authentication/hosted-oauth-accesstoken/#constructing-a-code-challenge and got a different output.

I was expecting ZTk2YmY2Njg2YTNjMzUxMGU5ZTkyN2RiNzA2OWNiMWNiYTliOTliMDIyZjQ5NDgzYTZjZTMyNzA4MDllNjhhMg

This function

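import base64
import hashlib
# Base64 of the hex digest string (not the raw digest), '=' padding stripped
def _hash_pkce_secret(secret: str) -> str:
    sha256_hash = hashlib.sha256(secret.encode()).hexdigest()
    return base64.b64encode(sha256_hash.encode()).decode().rstrip("=")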

does produce ZTk2YmY2Njg2YTNjMzUxMGU5ZTkyN2RiNzA2OWNiMWNiYTliOTliMDIyZjQ5NDgzYTZjZTMyNzA4MDllNjhhMg

For now I'm using it without PKCE.

Thanks for pointing this out @wobeng, will add this fix for the next beta version.

This fix is now released in v6 beta 8: https://pypi.org/project/nylas/6.0.0b8/
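
The encodings at play in this thread, side by side, as an added example that is not code from nylas-python or from the issue's author. `challenge_rfc7636_s256` goes beyond the thread to show the standard S256 form from RFC 7636; `ENCODINGS`, `verify` and `diagnose` are hypothetical names, and `verify` assumes the server recomputes the challenge with the encoding from the Nylas documentation.

```python
import base64
import hashlib
import hmac


def challenge_raw_b64(verifier: str) -> str:
    """v6.0.0-beta behaviour: standard base64 of the raw digest, padded."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.b64encode(digest).decode()


def challenge_nylas_doc(verifier: str) -> str:
    """Form the issue matched to the Nylas docs: base64 of the hex digest
    string, with '=' padding stripped."""
    hex_digest = hashlib.sha256(verifier.encode()).hexdigest()
    return base64.b64encode(hex_digest.encode()).decode().rstrip("=")


def challenge_rfc7636_s256(verifier: str) -> str:
    """RFC 7636 S256: base64url of the raw digest, no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


# Hypothetical lookup table used by diagnose() below.
ENCODINGS = {
    "nylas_doc": challenge_nylas_doc,
    "rfc7636_s256": challenge_rfc7636_s256,
    "raw_b64": challenge_raw_b64,
}


def verify(verifier: str, stored_challenge: str, encode=challenge_nylas_doc) -> bool:
    """Assumed server-side check: recompute, then compare in constant time."""
    return hmac.compare_digest(encode(verifier), stored_challenge)


def diagnose(verifier: str, sent_challenge: str) -> str:
    """Name the encoding that produced a challenge, to debug a failed exchange."""
    for name, encode in ENCODINGS.items():
        if verify(verifier, sent_challenge, encode):
            return name
    return "unknown"


if __name__ == "__main__":
    secret = "nylas"  # sample secret used in the issue
    print(diagnose(secret, challenge_raw_b64(secret)))
    print(verify(secret, challenge_raw_b64(secret)))
```

Running `diagnose` on the challenge a client actually sent shows which encoding it used, which is the quickest way to confirm an encoding mismatch behind a "Code verifier challenge failed" response.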