Under section 5.1. “Authorization Challenge Request” the spec lists the “code_challenge” and the “code_challenge_method” as optional parameters. As this protocol establishes direct communication between the client and the AS, I don’t see a real requirement to mention PKCE-related parameters here. Please let me know if I have missed anything here.
As I understood, using these two parameters in the authorization challenge request is useful only when the client expects that it will have to perform a redirect-based authorization flow and also the AS supports PAR capabilities through the authorization_challenge_endpoint. I think this will be an edge case, and given the spec mentions it supports all extensions applicable to the authorization endpoint, I don’t see a major need to specifically mention these two parameters under this section. I think this could also cause confusion to implementers.