Jon @ Posit
ZITADEL • 7mo ago • 3 replies

Device Authorization has no PKCE Support

The methods `rp.DeviceAuthorization` and `rp.DeviceAccessToken` don't support PKCE for OPs that require PKCE for device authorization. `rp.DeviceAuthorization` does support a custom `authFn`, so you can pass a custom `http.FormAuthorization` function that adds the `code_challenge` and `code_challenge_method`. However, `rp.DeviceAccessToken` doesn't support an auth function. We worked around this limitation by creating a custom http RoundTripper that adds `code_verifier` to the form data and then rewrites the request body before sending it. Should I open an issue for this?
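One way such a RoundTripper could look, as an added example using only the Go standard library; it is not the poster's code and not part of zitadel/oidc. The names `pkceTransport`, `addVerifier` and `rtFunc` are hypothetical, and it assumes the token poll is a form-encoded POST carrying the RFC 8628 device-code grant type.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
)

const deviceGrant = "urn:ietf:params:oauth:grant-type:device_code"

// addVerifier sets code_verifier on a device-code token form; other bodies pass unchanged.
func addVerifier(body, verifier string) string {
	f, err := url.ParseQuery(body)
	if err != nil || f.Get("grant_type") != deviceGrant {
		return body
	}
	f.Set("code_verifier", verifier)
	return f.Encode()
}

// pkceTransport (hypothetical name) applies addVerifier to outgoing form POSTs.
type pkceTransport struct {
	Base     http.RoundTripper
	Verifier string
}

func (t *pkceTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	if req.Body == nil || !strings.HasPrefix(req.Header.Get("Content-Type"), "application/x-www-form-urlencoded") {
		return t.Base.RoundTrip(req) // not a form POST: pass through untouched
	}
	raw, err := io.ReadAll(req.Body)
	req.Body.Close()
	if err != nil {
		return nil, err
	}
	body := addVerifier(string(raw), t.Verifier)
	out := req.Clone(req.Context()) // a RoundTripper must not mutate the caller's request
	out.Body, out.GetBody = io.NopCloser(strings.NewReader(body)), nil
	out.ContentLength = int64(len(body)) // body grew; a stale length corrupts the POST
	return t.Base.RoundTrip(out)
}

// rtFunc adapts a function to http.RoundTripper, for stubbing Base offline.
type rtFunc func(*http.Request) (*http.Response, error)

func (f rtFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

func main() { fmt.Println(addVerifier("grant_type="+deviceGrant+"&device_code=constructed", "constructed-verifier")) }
```

Because the transport matches on `grant_type`, the verifier is never attached to refresh or other token requests that share the same client. Since the verifier is a secret, keep it out of any request logging layered on the same transport chain.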