Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth2 with PKCE web flow authentication Authenticator #2001

Open
uddhavchopade opened this issue Jan 26, 2023 · 3 comments
Open

OAuth2 with PKCE web flow authentication Authenticator #2001

uddhavchopade opened this issue Jan 26, 2023 · 3 comments
Labels
authenticators Issues about existing or new implementation of Authenticators feature-request help wanted

Comments

@uddhavchopade
Copy link

uddhavchopade commented Jan 26, 2023
edited
Loading

Please try to add OAuth2 with PKCE web flow Authentication in our Authenticators
@alexeyzimarev
Copy link
Member

RestSharp doesn't have explicit support for any OAuth2 flow due to major differences in implementation between API vendors. If people start producing sample implementations for different OAuth2 scenarios, it might be possible to make a generic implementation of it.

@alexeyzimarev alexeyzimarev changed the title Please try to add OAuth2 with PKCE web flow Authentication in our Authenticators OAuth2 with PKCE web flow authentication Authenticator Apr 3, 2023
@alexeyzimarev alexeyzimarev added the authenticators Issues about existing or new implementation of Authenticators label Apr 3, 2023
@kalllol-1
Copy link

@alexeyzimarev
This flow is considered best practice when using Single Page Apps (SPA) or Mobile Apps. Please note that you should be able to implement a vendor-agnostic OIDC flow using /.well-known/openid-configuration.
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
We live in a world of ZERO Trust and it is irresponsible approach to support only confidential oauth2 client credentials flow from a popular component like RestSharp!

@alexeyzimarev
Copy link
Member

Like I said, someone should do it. If there a commercial interest to do it, it's possible to open a mid-size bounty for this feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
authenticators Issues about existing or new implementation of Authenticators feature-request help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexeyzimarev @uddhavchopade @kalllol-1