I was trying to get the Flask app running and noticed during the OAuth process that even after we get an auth code, the 'state' parameter used to obtain the auth code is then being sent by the Flask app when POSTing to the auth server's token endpoint. In my case our token endpoint returns a 400 because it does not support the state parameter, which was used in the now-deprecated implicit grant flow. https://oauth.net/2/grant-types/implicit/
Commenting out the state param in auth.py (line 265, in _code_exchange_params()) was my workaround. Once I did that, my token endpoint issued me a token. But I think, for the sake of completeness, support for PKCE is needed... https://oauth.net/2/pkce/
Is this a possibility?
mgold-greenway changed the title from "auth.py - call to token endpoint still seems to use the deprecated implicit grant methodology" to "auth.py - call to token endpoint still seems to use the deprecated implicit grant flow" on Sep 2, 2022
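To make the split the report describes concrete (state belongs on the front-channel authorization request, the PKCE code_verifier belongs on the back-channel token request, and state has no business in the latter), here is an added example of the two parameter sets side by side. It is illustration code written for this thread, not the project's auth.py and not the reporter's patch; CLIENT_ID, REDIRECT_URI, AUTHORIZE_URL and the function names are assumed stand-ins (code_exchange_params here plays the role of the issue's _code_exchange_params()). The S256 challenge is checked against the test vector published in RFC 7636 Appendix B.

```python
"""PKCE authorization-code flow parameters (added example, not project code).

Constructed for this thread. The client configuration below is hypothetical.
"""
import base64
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional
from urllib.parse import urlencode

# Hypothetical client configuration (not from the original issue).
CLIENT_ID = "example-client"
REDIRECT_URI = "https://app.example.com/callback"
AUTHORIZE_URL = "https://auth.example.com/authorize"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """High-entropy verifier, 43..128 chars (RFC 7636 4.1); 32 random bytes -> 43 chars."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """S256 challenge: BASE64URL(SHA256(ASCII(code_verifier))) (RFC 7636 4.2)."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_params(state: str, verifier: str, scope: str = "openid") -> Dict[str, str]:
    """Front-channel /authorize request. `state` and `code_challenge` belong HERE."""
    return {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }


def callback_is_valid(expected_state: str, returned_state: Optional[str]) -> bool:
    """CSRF check on the redirect back: constant-time compare, never skipped."""
    return returned_state is not None and hmac.compare_digest(expected_state, returned_state)


def code_exchange_params(code: str, verifier: str) -> Dict[str, str]:
    """Back-channel POST body for the token endpoint (RFC 6749 4.1.3 plus the
    PKCE code_verifier from RFC 7636 4.5). No `state`: the token endpoint never
    defined it, and a strict server rejects unknown parameters with 400."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": verifier,
    }


def token_request_problems(params: Dict[str, str]) -> List[str]:
    """Lint a token-request body the way a strict token endpoint would."""
    problems = []
    if "state" in params:
        problems.append("state is an authorization-request parameter; drop it from the token request")
    if params.get("grant_type") != "authorization_code":
        problems.append("grant_type must be authorization_code")
    for required in ("code", "redirect_uri", "client_id"):
        if not params.get(required):
            problems.append("missing " + required)
    if "code_verifier" not in params:
        problems.append("no code_verifier: PKCE is not in use")
    return problems


def server_verifies_pkce(stored_challenge: str, presented_verifier: str) -> bool:
    """What the authorization server does with the verifier it receives at /token."""
    return hmac.compare_digest(stored_challenge, code_challenge_s256(presented_verifier))


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    verifier = make_code_verifier()          # keep both in the user's session
    print(AUTHORIZE_URL + "?" + urlencode(authorization_params(state, verifier)))
    # ... user authenticates, provider redirects back with ?code=...&state=...
    assert callback_is_valid(state, state)
    body = code_exchange_params("constructed-auth-code", verifier)
    print(urlencode(body), token_request_problems(body))
```

The verifier and state both live in the user's session between the redirect out and the callback; the callback handler checks state, then the token request carries only code_verifier. Running the lint over the reported body (the clean exchange parameters plus a state key) reproduces the complaint the strict endpoint raised.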
One thing that helped me figure out what caused my 400 error was to add the following to my Flask app. It prints the HTTP headers, request and response in the console: