On Fri, Apr 19, 2019 at 4:58 AM Abhishek Patel ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In tests/test_authorization_code.py <#678 (comment)> : > + """ + Helper method to retrieve a valid authorization code using pkce + """ + oauth2_settings.PKCE_REQUIRED = True + authcode_data = { + "client_id": self.application.client_id, + "state": "random_state_string", + "scope": "read write", + "redirect_uri": "http://example.org", + "response_type": "code", + "allow": True, + "code_challenge": code_challenge, + "code_challenge_method": code_challenge_method, + } + + response = self.client.post(reverse("oauth2_provider:authorize"), data=authcode_data) I had a quick question about this. Shouldn't this be a GET request? I have been trying to get pkce to run against master but couldn't get it to work. I would appreciate any pointers no how to get it working. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#678 (review)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABBHS52XI5JMSTPN3NGDN7DPRGCU7ANCNFSM4GKUGSNA> .

Yes, GET and optionally POST. https://tools.ietf.org/html/rfc6749#section-3.1 On Fri, Apr 19, 2019 at 4:58 AM Abhishek Patel ***@***.***> wrote: > ***@***.**** commented on this pull request. > ------------------------------ > > In tests/test_authorization_code.py > < #678 (comment) > > : > > > + """ > + Helper method to retrieve a valid authorization code using pkce > + """ > + oauth2_settings.PKCE_REQUIRED = True > + authcode_data = { > + "client_id": self.application.client_id, > + "state": "random_state_string", > + "scope": "read write", > + "redirect_uri": "http://example.org", > + "response_type": "code", > + "allow": True, > + "code_challenge": code_challenge, > + "code_challenge_method": code_challenge_method, > + } > + > + response = self.client.post(reverse("oauth2_provider:authorize"), data=authcode_data) > > I had a quick question about this. Shouldn't this be a GET request? I have > been trying to get pkce to run against master but couldn't get it to work. > I would appreciate any pointers no how to get it working. > > — > You are receiving this because you are subscribed to this thread. > Reply to this email directly, view it on GitHub > < #678 (review) >, > or mute the thread > < https://github.com/notifications/unsubscribe-auth/ABBHS52XI5JMSTPN3NGDN7DPRGCU7ANCNFSM4GKUGSNA > > . > — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#678 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABKEVQNNI2LUVDJKXX4KXNDPRGWVZANCNFSM4GKUGSNA> .

On Fri, Apr 19, 2019, 9:06 AM Gustavo Maronato ***@***.*** wrote: This is odd. This pull request does not change anything related to how the requests are handled. It only adds new fields to the existing ones. Would you mind sharing how you are making the requests? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#678 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABKEVQPYFRLH3W34U4ZMFH3PRHUZZANCNFSM4GKUGSNA> .

On Fri, Apr 19, 2019, 10:19 AM Gustavo Maronato ***@***.*** wrote: I just tested it and you are correct. I was under the impression that oauthlib would capture PKCE credentials, but it doesn't. I've submitted a PR fixing the issue: #707 <#707> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#678 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABKEVQOWW2SETCB3EY2UTV3PRH5JXANCNFSM4GKUGSNA> .