Code Challenge is missing when Code Challenge Method is s256 #90

Open
tansanDOTeth opened this issue Mar 21, 2024 · 0 comments


tansanDOTeth commented Mar 21, 2024

Currently, when setting the challenge method to s256, it does not respect the code_challenge provided. For this reason, I won't be able to send a code_verifier later to the oauth authorizer for a proper token exchange.

Specific to the code here: https://github.com/twitterdev/twitter-api-typescript-sdk/blob/0d12a20a76d6dd9c346decf9cc80bc611975d43f/src/OAuth2User.ts#L45C2-L58C7

It should be:

```typescript
export type GenerateAuthUrlOptions = {
  /** A random string you provide to verify against CSRF attacks.  The length of this string can be up to 500 characters. */
  state: string;
  /** A PKCE parameter, a random secret for each request you make. */
  code_challenge: string;
  /** Specifies the method you are using to make a request (S256 OR plain). */
  code_challenge_method: "plain" | "s256";
};
```

Related Spec:
https://www.rfc-editor.org/rfc/rfc7636#section-4.6

tansanDOTeth changed the title from "Code Challenge is missing when Code Challenge Method is plain" to "Code Challenge is missing when Code Challenge Method is s256" on Mar 21, 2024
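The PKCE round trip this issue depends on, as an added example that is not part of the original issue or the SDK's code: the caller generates the `code_verifier`, derives the `code_challenge` it would pass in `GenerateAuthUrlOptions`, and the authorization server later applies the RFC 7636 section 4.6 check at token exchange. The function names (`generateCodeVerifier`, `deriveCodeChallenge`, `verifierMatches`) are hypothetical, and the method names follow the type proposed above.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "crypto";

// Method names as spelled in the issue's proposed type.
// RFC 7636 itself writes the hashed method as "S256".
type ChallengeMethod = "plain" | "s256";

// base64url encoding without padding (RFC 7636, Appendix A).
function base64url(buf: Buffer): string {
  return buf
    .toString("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");
}

// Client side: 32 random octets give a 43-character verifier.
// The caller must keep this value until the token exchange.
function generateCodeVerifier(): string {
  return base64url(randomBytes(32));
}

// Client side: the value to send as code_challenge in the authorization URL.
function deriveCodeChallenge(verifier: string, method: ChallengeMethod): string {
  // RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) {
    throw new Error("code_verifier is not a valid RFC 7636 verifier");
  }
  if (method === "plain") return verifier;
  return base64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Server side (RFC 7636 section 4.6): recompute the challenge from the
// presented verifier and compare it with the one stored at authorization time.
function verifierMatches(
  storedChallenge: string,
  method: ChallengeMethod,
  presentedVerifier: string
): boolean {
  let expected: string;
  try {
    expected = deriveCodeChallenge(presentedVerifier, method);
  } catch {
    return false; // malformed verifier never matches
  }
  const a = Buffer.from(expected);
  const b = Buffer.from(storedChallenge);
  return a.length === b.length && timingSafeEqual(a, b);
}
```

If the challenge in the authorization URL is produced from a verifier the caller never sees, no value the caller can send will pass `verifierMatches`, which is the failure described in this issue.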