OAuth2 Code Flow + PKCE

Question

Question

Blaise ZARKA · Dec 11, 2019

#Authentication #Access control #InterSystems IRIS

Hi,

We need to implement Oauth2 Code Flow + PKCE. Any experience with InterSystems OAuth2 Server on this would be welcome.
What parameters did you setup on OAuth 2 server configuration page to make it work?

Thanks!

Discussion (4)1

Log in or sign up to continue

Eduard Lebedyuk · Dec 11, 2019

Check this series of articles by @Daniel Kutac.

0 0

score 0 · Answer 1 · 2019-12-11T10:03:38-05:00

For those who are interested, here is an good article on the ≠ between implicit flow and code flow with PKCE:
https://christianlydemann.com/implicit-flow-vs-code-flow-with-pkce/

score 0 · Answer 2 · 2019-12-11T10:21:32-05:00

Thanks Eduard. As I understand, these articles address authorization flow for confidential client.
I would need a oauth2 flow compatible with an angular public client and the recommended one for this kind of client is code flow + PKCE.
Anyone experience this kind authorization flow with IRIS as server?

score 0 · Answer 3 · 2021-04-13T18:26:45-04:00

Hi Blaise,

I understand intersystems will support OAuth code follow with PKCE in 2021.2.

Did you work out a flow?