
Send client_id + client_secret in Authorization to TokenEndpoint #117

Answered by anthony-vito
JJRdec asked this question in Q&A
This library only supports RFC-7636 and is not applicable to the authorization code flows that OAuth2 lays out in RFC-6749 (using client secrets) that you are requesting.

The main concept at work here is that this is a "front end only" library that interacts directly with an authorization server to perform an authorization flow and get an access token. Being a front end only library, there is no way to keep the client secret, well, secret! To meet this need, an extension to OAuth2, RFC-7636 "Proof Key for Code Exchange by OAuth Public Clients", was created. This library implements that specification.

If you want to use authorization code flows using client secrets you need to make sure y…

Answer selected by soofstad
This discussion was converted from issue #108 on September 26, 2023 13:43.