Add support for public clients and PKCE [#3487650]

Problem/Motivation

Social Auth currently only supports OAuth2 for private clients with a client ID and secret key. Public clients using Proof Key for Code Exchange (PKCE) use only a public client ID and no secret key.

Proposed resolution

Add support for getting and setting a PKCE code that can be used by the underlying OAuth2 client for code challenge and verification.

Remaining tasks

Create and merge a PR.

API changes

Add a new uses_public_client_id option to the network plugin configuration. Implementers can use this option to indicate their client uses a public Client ID and does not require a secret key,

Issue fork social_auth-3487650

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

3487650-add-support-for changes, plain diff MR !33
Check out this branch for the first time

Check out existing branch, if you already have it locally

About issue forks

Issue #3487650 by wells: Add support for public clients and PKCE

Comment #4

wells

he/him/his

English

Seattle, WA

commented 15 November 2024 at 03:47

Status:

Active

» Fixed

Comment #5

29 November 2024 at 03:49

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Add support for public clients and PKCE

Problem/Motivation

Proposed resolution

Remaining tasks

API changes

Issue fork social_auth-3487650

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

News items

Our community

Documentation

Drupal code base

Governance of community