By default, AppAuth sends a `S256` PKCE code challenge on auth requests. If I need to interoperate with a server that only supports the `plain` code challenge method, how can I configure my authorization request?
iOS: You can override the PKCE parameters by using the `OIDAuthorizationRequest` initializer `initWithConfiguration:clientId:scope:redirectURL:responseType:state:codeVerifier:codeChallenge:codeChallengeMethod:additionalParameters:`. The library's built-in helpers only generate `S256` challenges, so to send any other method you pass the verifier, the challenge and the method name yourself; for `plain` the challenge is the verifier string unchanged. Use `plain` only when the server really cannot verify `S256`: with `plain`, anyone who can read the authorization request (proxy or server logs, browser history) learns the verifier and can redeem an intercepted authorization code, which is exactly the attack PKCE exists to stop.
```objectivec
// `configuration` (an OIDServiceConfiguration), `kClientID` and `redirectURI`
// are assumed to have been set up earlier, as in the other AppAuth examples.

// Generate a random code verifier with the library helper...
NSString *codeVerifier = [OIDAuthorizationRequest generateCodeVerifier];

// ...and build the authorization request with an explicit plain challenge.
// For the plain method the code_challenge is the verifier itself.
OIDAuthorizationRequest *request =
    [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
                                                  clientId:kClientID
                                                     scope:@"openid profile"
                                               redirectURL:redirectURI
                                              responseType:OIDResponseTypeCode
                                                     state:[OIDAuthorizationRequest generateState]
                                              codeVerifier:codeVerifier
                                             codeChallenge:codeVerifier
                                       codeChallengeMethod:@"plain"
                                      additionalParameters:nil];
```
Android: You can override the PKCE parameters by calling `setCodeVerifier(String, String, String)` on your `AuthorizationRequest.Builder`, passing the verifier, the challenge and the method name in that order. This can be used to send a custom PKCE method (by default the library uses `S256` on clients that have SHA-256 platform support). For `plain`, pass the verifier string as the challenge as well.
```java
import android.net.Uri;

import net.openid.appauth.AuthorizationRequest;
import net.openid.appauth.AuthorizationServiceConfiguration;
import net.openid.appauth.CodeVerifierUtil;

// serviceConfig (an AuthorizationServiceConfiguration), CLIENT_ID, REDIRECT_URI (a Uri)
// and SCOPE are assumed to be defined as in the other AppAuth examples.

// Generate a random code verifier with the library helper...
String codeVerifier = CodeVerifierUtil.generateRandomCodeVerifier();
AuthorizationRequest authRequest = new AuthorizationRequest.Builder(
        serviceConfig,
        CLIENT_ID,
        AuthorizationRequest.RESPONSE_TYPE_CODE,
        REDIRECT_URI)
        .setScope(SCOPE)
        // ...and pass (verifier, challenge, method); for plain the challenge is the verifier itself.
        .setCodeVerifier(codeVerifier, codeVerifier, "plain")
        .build();
```
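To see what the two methods mean on the wire and at the token endpoint, here is an added example (not part of the AppAuth documentation or of either library) that implements the RFC 7636 derivation both platform snippets above rely on, in Python: generating a verifier, deriving the `code_challenge` for `S256` and for `plain`, and the check an authorization server performs when the verifier is presented. It is checked against the test vector from RFC 7636 Appendix B, and it also shows why a request that keeps the verifier as the challenge (as the `plain` snippets do) but switches the method back to `S256` is rejected. The function and constant names are the example's own.

```python
"""RFC 7636 PKCE: what the client sends for each code_challenge_method and
how the authorization server checks it at the token endpoint.
Added example; not AppAuth code."""
import base64
import hashlib
import hmac
import secrets
import string

# Unreserved characters allowed in a code_verifier (RFC 7636 section 4.1).
_UNRESERVED = set(string.ascii_letters + string.digits + "-._~")

# Test vector from RFC 7636 Appendix B.
RFC7636_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC7636_S256_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def b64url_nopad(raw: bytes) -> str:
    """BASE64URL encoding without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def generate_code_verifier(length: int = 64) -> str:
    """Random verifier of 43..128 unreserved characters, from a CSPRNG."""
    if not 43 <= length <= 128:
        raise ValueError("code_verifier must be 43-128 characters")
    alphabet = sorted(_UNRESERVED)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def code_challenge(verifier: str, method: str) -> str:
    """Client side: derive the code_challenge sent on the authorization request."""
    if method == "S256":
        return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        # The challenge *is* the verifier, so anyone who can read the
        # authorization request can also redeem the authorization code.
        return verifier
    raise ValueError(f"unsupported code_challenge_method: {method}")


def verify_code_verifier(stored_challenge: str, stored_method: str,
                         presented_verifier: str) -> bool:
    """Authorization-server side: check the code_verifier presented at the
    token endpoint against the challenge and method remembered from the
    authorization request. Constant-time comparison to avoid leaking bytes."""
    if not 43 <= len(presented_verifier) <= 128:
        return False
    if any(c not in _UNRESERVED for c in presented_verifier):
        return False
    try:
        expected = code_challenge(presented_verifier, stored_method)
    except ValueError:
        return False
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    verifier = generate_code_verifier()
    for method in ("S256", "plain"):
        challenge = code_challenge(verifier, method)
        print(f"{method}: code_challenge={challenge}")
        print("  server accepts verifier:",
              verify_code_verifier(challenge, method, verifier))
    # Taking the plain snippet and only changing the method name is a bug:
    print("verifier sent as S256 challenge accepted:",
          verify_code_verifier(verifier, "S256", verifier))
```

Note that the server check binds the method to the challenge it stored at authorization time; it never lets the token request pick the method, otherwise a client could downgrade an `S256` challenge to `plain` after the fact.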