Support of Authorization Code Flow with Proof Key for Code Exchange (PKCE) #81
Comments
|
It seems like PKCE works fine when passing It seems like PKCE works only with the Is there any way to use PKCE with the 'Saved Credentials Flow'? |
|
Okay I managed to find a sloppy workaround: I manually created an oauth2 client based on the saved credentials ('creds' here): import 'package:oauth2/src/client.dart';
import 'package:oauth2/src/credentials.dart';
Credentials credentials = Credentials(creds.accessToken!,
refreshToken: creds.refreshToken,
idToken: creds.clientId,
tokenEndpoint: creds.tokenEndpoint,
scopes: creds.scopes,
expiration: creds.expiration);
Client client = Client(credentials,
identifier: clientId,
secret: null,
basicAuth: true,
httpClient: http.Client(),
onCredentialsRefreshed: _onCredentialsRefreshed);And then create a SpotifyApi instance with the spotify = SpotifyApi.fromClient(client);However there are multiple things wrong with this, one of which being that a direct import from another package is required. For now this works, but I'd like to see a better solution. |
|
Will this be added? |
|
Thanks for this! Getting the token and creating the client works fine using the hack from @Ruud14. But how do you manually refresh the token now that it's going outside the spotify-dart library? |
|
@rinukkusu should we add a "help wanted" label for this issue? |
It's not documented, but passing
nullforclientSecret:forces
oauth2lib to generate challenge and follow PKCE auth flow (https://developer.spotify.com/documentation/general/guides/authorization-guide/#authorization-code-flow-with-proof-key-for-code-exchange-pkce) and it worked out of the box for me.It may be worth to document it.
The text was updated successfully, but these errors were encountered: