PKCE Wrong Documentation

Hello

I think I have discovered a mistake in the PKCE documentation.

There, it says that the app has to redirect to

https://login.mypurecloud.com/oauth/authorize?
client_id=<my-client-id>&
response_type=code&
redirect_uri=<http://example.com/oauth/callback>&
code_challenge=xxxx

However, I've tried it and it causes an invalid_request error. I think it is because the code_challenge_method parameter is missing, because if I instead use

https://login.mypurecloud.com/oauth/authorize?
client_id=<my-client-id>&
response_type=code&
redirect_uri=<http://example.com/oauth/callback>&
code_challenge=xxxx&
code_challenge_method=S256

it works fine.

As the RFC says, not including code_challenge_method implies it uses the default, plain, whereas it is using SHA256.

Could you check it, please? Thank you!

Hi,

Thank you for reporting this. I have informed the team in charge of the service. The documentation should be updated soon.
