Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs saying for PKCE said public to true? #1589

Open
hannojg opened this issue Oct 2, 2024 · 3 comments
Open

Docs saying for PKCE said public to true? #1589

hannojg opened this issue Oct 2, 2024 · 3 comments

Comments

@hannojg
Copy link

hannojg commented Oct 2, 2024

For the oauth flow the docs say that you need to set the public field to true to use PKCE. I think its the other way around? If you set it to "true" you don't get a client_secret, hence no PCKE?

Screenshot 2024-10-02 at 23 10 00
@hannojg
Copy link
Author

hannojg commented Oct 2, 2024

Or maybe i am misunderstanding, but when creating an OAAuth app with public: true we don't get a secret - is that a bug?

Screenshot 2024-10-02 at 23 16 07

@jescalan
Copy link
Contributor

jescalan commented Oct 9, 2024

Hey @hannojg - the docs are accurate at the moment, when you set it to true, it will not return a client secret and expect usage of PKCE.

We should definitely also support the scenario where you are using PKCE and also want a client secret though as it seems you are expecting, and we have a ticket internally to make that happen. I'll make sure you get an update when it has!

@hannojg
Copy link
Author

hannojg commented Oct 10, 2024

Thanks! But there is still in an error in the docs, no? Public is set to true, but in the example response a client_secret is returned?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jescalan @hannojg