Hi,
as i understand PKCE in this flow code verifier and code challenge should be created on a clients front-end side (for example native app). To implement that i have to add additional parameters to token request (endpoint on clients backend application that is responsible for exchange of authorization code for access token). I was looking for option for implementing it by customizing spring-security-oauth2-client, but I'm not sure is such possibility provided. Is there such possibility to override this token endpoint with his parameters, or should i write this endpoint from scratch?
Here is sequence diagram with flow:
Comment From: jgrandja
Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it).
Comment From: Piotr-Filochowski
Okey, thanks for answering. Here is my post on stackoverflow: https://stackoverflow.com/questions/62062191/additional-parameter-in-oauth2-token-request/62091450#62091450