Comments (5)
This is good. No need to update the PR I'm planning to clean up the readme a bit anyways. Thanks.
from js-pkce.
Yes. Can you please give me an example of the additional parameters you send for CORS? I would like to also update readme with some details. A full example using your additional argument in the PR would be great. I'll also update the tests before creating a new release.
from js-pkce.
I can include an example, but I don't want to polute your codebase with my docs if I put them in the wrong place. But below is an example of a valid request.
They key parts are:
"credentials": "include"
"mode": "cors"
Let me know where you'd like me to put these in the PR and I'm happy to assist.
fetch("https://example.com/oauth/token", {
"headers": {
"accept": "application/json",
"accept-language": "en,en-US;q=0.9",
"content-type": "application/x-www-form-urlencoded;charset=UTF-8",
"sec-ch-ua": "\"Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"115\", \"Chromium\";v=\"115\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"macOS\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "cross-site"
},
"referrer": "https://origin-server.anothersite.com",
"referrerPolicy": "strict-origin-when-cross-origin",
"body": "grant_type=authorization_code&code=xxx&client_id=myclientid&redirect_uri=https%3A%2F%2Forigin-server.anothersite.com%2Fcallback&code_verifier=xxx",
"method": "POST",
"mode": "cors",
"credentials": "include"
});
And you'd call it like this, the mode is already set to cors
by default when requesting across domains I believe:
pkce.exchangeForAccessToken(url, {}, { credentials: 'include' }).then((resp) => {
const token = resp.access_token;
// Do stuff with the access token.
console.log('the token', token)
});
from js-pkce.
After reviewing I would like some changes to this implementation. Please see PR.
from js-pkce.
New feature is now available in version 1.4.0
from js-pkce.
Related Issues (17)
- `dist/PKCE.d.ts` is missing HOT 2
- PKCE.exchangeForAccessToken function return type is infered as Promise<any> HOT 8
- If I set state in using additionalParams object in authorizeUrl method then after checking response with exchangeForAccessToken I get error 'Invalid State' HOT 5
- token revoke HOT 1
- could you please export ITokenResponse interface from PKCE.d.ts ? HOT 3
- getting JSON parse error while running npm audit HOT 1
- not getting email data from requested scopes HOT 1
- Uncaught (in promise) Error: Cannot resolve "crypto" from ... HOT 3
- How can I get CSRF before exchangeForAccessToken? HOT 1
- Support for custom params HOT 5
- id token HOT 4
- Not usable from browser extensions due to usage of Storage API HOT 2
- Unique code_challenge per request HOT 3
- PKCE.exchangeForAccessToken and error response HOT 2
- Request for an example HOT 1
- Firefox sessionStorage Issues HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from js-pkce.