William Denniss William Denniss - 5 months ago 17
Android Question

How can I use the "plain" PKCE code challenge method with AppAuth?

By default, AppAuth sends a

S256
PKCE code challenge on auth requests. If I need to interoperate with a server that only supports the
plain
code challenge method, how can I configure my authorization request?

Answer

iOS: You can override the PKCE parameters by using the OIDAuthorizationRequest initWithConfiguration:clientId:scope:redirectURL:responseType:state:codeVerifier:codeChallenge:codeChallengeMethod:additionalParameters: constructor. This can be used to send a custom PKCE method (the library only supports S256).

// builds authentication request
NSString *codeVerifier = [OIDAuthorizationRequest generateCodeVerifier];
OIDAuthorizationRequest *request =
    [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                    clientId:kClientID
                      scope:@"openid profile"
                 redirectURL:redirectURI
                responseType:OIDResponseTypeCode
                       state:[OIDAuthorizationRequest generateState]
                codeVerifier:codeVerifier
               codeChallenge:codeVerifier
         codeChallengeMethod:@"plain"
        additionalParameters:nil];

Android: You can override the PKCE parameters by adding setCodeVerifier(String, String, String) to your builder. This can be used to send a custom PKCE method (by default the library uses S256 on clients that have SHA-256 platform support).

import net.openid.appauth.CodeVerifierUtil;

String codeVerifier = CodeVerifierUtil.generateRandomCodeVerifier();
AuthorizationRequest authRequest = new AuthorizationRequest.Builder(
    serviceConfig,
    CLIENT_ID,
    AuthorizationRequest.RESPONSE_TYPE_CODE,
    REDIRECT_URI)
    .setScope(SCOPE)
    .setCodeVerifier(codeVerifier, codeVerifier, "plain")
    .build();