Oauth2 pkce 12345

Hi, i’m trying to build a plugin with an api that requires pkce, I don’t think it’s possible with oauth2 user agent flow. What can I do? @emmanuel can this be implemented?
https://oauth.net/2/pkce

I believe it’s not impossible to do it.
You will need to use self handled and maybe a plugin to encode the code verifier / challenge

Thanks for reply, i’m not exactly sure to encode the challenge.

Do you have the link to the API doc?

https://marvelapp.com/developers/documentation/authentication/pkce/

Why don’t you use the oAuth2 protocol instead of the one with PKCE?

It forces me to use pkce for auth code, not sure about implicit grant

Ok. You need to self handled the auth part and because you need to encode some information, you need to use a server side plugin action. Maybe you can consider hiring someone to create it for you.

Yes I understand that already, I would prefer if there was a predefined option to use pkce for authentication, I think this will become industry standard.

I understand. You can request it but I think this may take a moment to implement. But this is a first start and more people will ask it and more they may consider implement it.

1 Like

When I use auth-code confidential i get this error after being redirected back to editor:

Can you show your setting? I believe that anyway, even without the PKCE, you may need to use self handled because I didn’t see a possible call to use to get user informations.

Marvel use GraphQL. So This cannot be handled by Authorization in API Connector

Oh lame, is there another way for bubble to connect with their api?

You can do it by selfhandled way. You need to create each step with each endpoint (authorize, token, manage access_token back…) Or you can create a plugin

You can also search for other Topic about GRaphQL