This repository has been archived by the owner on Jun 29, 2024. It is now read-only.

Support PKCE for authorization_code grant_type #19

Open
koshilife opened this issue Aug 21, 2021 · 3 comments

Comments

@koshilife
Owner

According to the official announcements, Zoom supports PKCE for authorization_code grant_type since May 16, 2021.

Zoom supports Proof Key for Code Exchange (PKCE) when requesting user tokens. This offers better security by enabling clients to use a code challenge and code exchange as part of the initial user authorization request.

We would like to support it too.

@koshilife
Owner Author

koshilife commented Aug 26, 2021

Since v1.1.0 or v0.4.0, omniauth-oauth2's pkce options are supported for this strategy too.
So we checked whether the pkce options work in the following patterns under v1.1.0. The results are below.

[OK] Pattern1: to disable pkce option (default)

In this pattern, pkce is disabled.
It works and we got tokens.

  provider :zoom, zoom_client_id, zoom_client_secret, { scope: zoom_scope }

[OK] Pattern2: to enable pkce option and set code_challenge_method to plain

In this pattern, pkce is enabled and code_challenge_method is set to plain.
It works and we got tokens.

  provider :zoom, zoom_client_id, zoom_client_secret,
           {
             scope: zoom_scope,
             pkce: true,
             pkce_options: { code_challenge: proc { |verifier| verifier }, code_challenge_method: 'plain' }
           }

[NG] Pattern3: to enable pkce option and set code_challenge_method to S256

In this pattern, pkce is enabled and code_challenge_method is set to S256.
It doesn't work, and an invalid_request error occurred.

  provider :zoom, zoom_client_id, zoom_client_secret, { scope: zoom_scope, pkce: true }

The following are the app logs from when the error occurred.

Started POST "/users/auth/zoom" for ::1 at 2021-08-26 10:39:23 +0900
(zoom) Request phase initiated.
Started GET "/users/auth/zoom/callback?code=gM63x6QRzp_K9veR7bISXe-N6cEwCgtVQ&state=3a285e95ec451dff59592cf25311452a0d918338b68a128e" for ::1 at 2021-08-26 10:39:24 +0900
(zoom) Callback phase initiated.
(zoom) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: 
{"reason":"Invalid authorization code gM63x6QRzp_K9veR7bISXe-N6cEwCgtVQ","error":"invalid_request"}

We are trying to find out the cause.
There is a similar post on the Zoom developer forum, posted on June 8th.

Invalid authorization code with PKCE - Zoom Developer Forum

but the endpoint https://zoom.us/oauth/token returns
“reason”:“Invalid authorization code {code}”,“error”:“invalid_request”

It's under consideration to ask zoom developer support.
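To make the difference between the three patterns above concrete, here is an added example (not code from this repository, omniauth-oauth2 or Zoom) that implements the client-side PKCE steps from RFC 7636 in plain Ruby: generating a `code_verifier`, deriving the `code_challenge` for both the `plain` and `S256` methods, and the check a token endpoint performs when the verifier comes back. The `pkce_options` hash at the bottom mirrors the shape used in Pattern2 and is an assumption about how the strategy consumes it, not something taken from the project's source.

```ruby
require 'securerandom'
require 'digest'
require 'base64'

# RFC 7636 section 4.1: the verifier is 43..128 characters from the
# unreserved set [A-Za-z0-9-._~]. 32 random bytes, base64url-encoded
# without padding, gives exactly 43 characters.
def generate_code_verifier
  SecureRandom.urlsafe_base64(32, false)
end

# RFC 7636 section 4.2: derive the challenge that is sent with the
# authorization request. With "plain" the challenge IS the verifier;
# with "S256" it is BASE64URL(SHA256(ASCII(verifier))) without padding.
def code_challenge_for(verifier, method)
  case method
  when 'plain'
    verifier
  when 'S256'
    Base64.urlsafe_encode64(Digest::SHA256.digest(verifier), padding: false)
  else
    raise ArgumentError, "unsupported code_challenge_method: #{method}"
  end
end

# Byte-by-byte comparison that does not short-circuit on the first
# mismatch, so timing does not leak how many leading bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# RFC 7636 section 4.6: what the authorization server does at the token
# endpoint. It recomputes the challenge from the presented verifier using
# the method it stored with the authorization code and compares.
def verifier_matches?(stored_challenge, stored_method, presented_verifier)
  secure_equal?(code_challenge_for(presented_verifier, stored_method), stored_challenge)
end

# Hypothetical pkce_options hash in the same shape as Pattern2 above.
# The proc receives the verifier the strategy generated and must return
# the challenge; pairing it with the matching code_challenge_method is
# what keeps the two sides consistent.
def pkce_options_for(method)
  {
    code_challenge: proc { |verifier| code_challenge_for(verifier, method) },
    code_challenge_method: method
  }
end

if $PROGRAM_NAME == __FILE__
  verifier = generate_code_verifier
  %w[plain S256].each do |method|
    opts = pkce_options_for(method)
    challenge = opts[:code_challenge].call(verifier)
    puts "#{method}: challenge=#{challenge} ok=#{verifier_matches?(challenge, method, verifier)}"
  end
end
```

The `plain` method works in Pattern2 because the challenge and the verifier are the same string; a party that can observe the authorization request therefore already holds everything needed to redeem the code, which is why RFC 7636 recommends `S256` wherever the client can compute SHA-256. A mismatch between the `code_challenge_method` a client declares and the transform it actually applies produces exactly the "invalid authorization code" style rejection at the token endpoint, so that pairing is the first thing to confirm when debugging Pattern3.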

@kwent

kwent commented Feb 22, 2023

Hi @koshilife Thanks for this great library. Any news on this issue ?

@koshilife
Owner Author

Hi @kwent,
Unfortunately I don't have any update.
I haven't checked since the above comment. At the moment, I don't have a plan to address this.
