Can't hash PKCE with OAuth 2.0

nr09912 · 2024-04-21T15:17:14.046Z

Hello,
I use PHP to call my API. I use OAuth 2.0 PKCE, but there is a little problem : everything is fine if I use “plain” as code_challenge_method, but if I try to hash the code_verifier and use base64 for code_challenge, it’s doesn’t work

Content for authorize URL :
$codeVerifier = base64_encode(random_bytes(32));
$codeOptions = array(
“response_type”=>“code”,
“client_id”=>$API->Key,
“redirect_uri”=>$API->URL,
“scope”=>“users.read”,
“state”=>$state,
“code_challenge”=>$codeVerifier,
“code_challenge_method”=>“plain” (if I use $code_challenge=base64_encode(hash(“sha256”,$code_verifier)) and code_challenge_method=“S256” I got an error who say that the code_verifier doesn’t match when I try to get a token)
);

Content for token API :
“grant_type”=>“authorization_code”,
“code”=>$code,
“redirect_uri”=>$API->URL,
“code_verifier”=>$codeVerifier, (
“state”=>$state

Thank you a lot for your help

system · 2024-05-05T15:17:58.147Z

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.