30 Jul
2020
30 Jul
'20
2:42 p.m.
Hi, We’ve had some requests to add PKCE [1] to the interactive claims gathering flow [2], eg example for public clients. Technically, there is little challenge to directly apply the PKCE code challenge/verifier, with the assumption that the authorization code is equivalent to the uma ticket Has anyone done this? Any additional considerations? Thanks, - Alec Alec Laws 647 822 1529 alec@identos.ca [1] PKCE: https://tools.ietf.org/html/rfc7636 https://tools.ietf.org/html/rfc7636 [2] https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html#claim... https://docs.kantarainitiative.org/uma/wg/rec-oauth-uma-grant-2.0.html#claim...