docs/misc/pkce.rst (4 additions & 4 deletions)
@@ -38,7 +38,7 @@ See :rfc:`Section 1 of RFC 7636 <7636#section-1.1>`.
38
38
39
39
.. _PKCE#authorizationRequest:
40
40
41
-
.. A:: The client creates and records a secret named the "code_verifier" and derives a transformed version "t(code_verifier)" (referred to as the "code_challenge"), which is sent in the OAuth 2.0 Authorization Request along with the transformation method "t_m".
41
+
A. The client creates and records a secret named the "code_verifier" and derives a transformed version "t(code_verifier)" (referred to as the "code_challenge"), which is sent in the OAuth 2.0 Authorization Request along with the transformation method "t_m".
42
42
43
43
The following shows an example of how a client could generate a `code_challenge`` and
44
44
``code_challenge_method`` for the authorizazion request.
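Review bot: The two context lines right under the new "A." item still carry markup errors that this cleanup could fix in the same commit. `code_challenge`` opens with one backtick and closes with two, so it will not render as an inline literal, and "authorizazion" should read "authorization". Separately, the "A." line is text quoted from RFC 7636 (see the hunk header); as an enumerated list item it no longer looks like a quotation, so consider saying "RFC 7636 describes this step as:" before it or indenting it as a block quote.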
@@ -95,7 +95,7 @@ If your Request body contains code_challenge and code_challenge_method then PKCE
95
95
96
96
.. _PKCE#authorizationResponse:
97
97
98
-
.. B:: The Authorization Endpoint responds as usual but records "t(code_verifier)" and the transformation method.
98
+
B. The Authorization Endpoint responds as usual but records "t(code_verifier)" and the transformation method.
99
99
100
100
The ``AuthorizeHandler.handle`` saves code challenge and code challenge method automatically via ``model.saveAuthorizationCode``.
101
101
Note that this calls your model with additional arguments ``codeChallenge`` and ``codeChallengeMethod``.
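Review bot: "B." sits under its own `.. _PKCE#authorizationResponse:` label, roughly sixty lines after "A.", so it opens a separate enumerated list that starts at B instead of continuing the first one. Build the docs and check that the item renders with the letter B and that the build log stays clean; if it does not, a bold prefix such as **B.** keeps the lettering without relying on list numbering. The same applies to "C." and "D." in the later hunks.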
@@ -106,7 +106,7 @@ Note that this calls your model with additional arguments ``codeChallenge`` and
106
106
107
107
.. _PKCE#accessTokenRequest:
108
108
109
-
.. C:: The client then sends the authorization code in the Access Token Request as usual but includes the "code_verifier" secret generated at (A).
109
+
C. The client then sends the authorization code in the Access Token Request as usual but includes the "code_verifier" secret generated at (A).
110
110
111
111
This is usually done in your token endpoint, that uses ``OAuth2Server.token``.
112
112
Note that your client should have kept ``code_verifier`` a secret until this step and now includes it as param for the token endpoint call.
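Review bot: The new "C." line refers back to the first step only as plain text, "generated at (A)", although the file already defines the label `PKCE#authorizationRequest` for that step. Since the quoted sentence itself should stay as is, add a cross-reference in the paragraph below it, for example :ref:`step A <PKCE#authorizationRequest>`, so readers can jump to where the code_verifier is created. Minor wording in the context line: "your token endpoint, that uses" reads better as "your token endpoint, which uses".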
@@ -130,7 +130,7 @@ Note that your client should have kept ``code_verifier`` a secret until this ste
130
130
})
131
131
}
132
132
133
-
.. D:: The authorization server transforms "code_verifier" and compares it to "t(code_verifier)" from (B). Access is denied if they are not equal.
133
+
D. The authorization server transforms "code_verifier" and compares it to "t(code_verifier)" from (B). Access is denied if they are not equal.
134
134
135
135
This will call ``model.getAuthorizationCode`` to load the code.
136
136
The loaded code has to contain ``codeChallenge`` and ``codeChallengeMethod``.
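Review bot: The context under "D." says the loaded code "has to contain" ``codeChallenge`` and ``codeChallengeMethod``, but it does not say what happens when ``model.getAuthorizationCode`` returns a code without them. Step D is the point where access is denied on mismatch, so document the outcome for a missing value here and point back to the ``model.saveAuthorizationCode`` note under (B), so implementers see that both fields saved there must come back from the model.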