Trying to implement PKCE flow in a background script of a Chrome extension (manifest v3).
Finally got the authentication code using something like this:
```javascript
const inputBytes = getRandomBytes();
const verifier = buf2Base64(inputBytes)
windowSha256(verifier).then((shaHash) => {
  const challenge = buf2Base64(shaHash);
  let options = {
    response_type: 'code',
    client_id: config.client_id,
    code_challenge: challenge,
    code_challenge_method: 'S256',
    redirect_uri: config.redirect,
    scope: 'openid profile email',
    audience: config.audience
  };
  let queryString = new URLSearchParams(options).toString();
  let url = `https://${config.domain}/authorize?${queryString}`;
  fetch(url).then((response_) => {
    if (response_) {
      var resultURL = response_.url;
      const code = getParameterByName('code', resultURL);
    }
  })
})
```
However, when I send that code to the /oauth/token endpoint (with the same redirect URL), I keep getting 401 in response. Note: using the https://domain-name.us.webtask.run/auth0-authentication-api-debugger debugger, the token comes back successfully with the code and verification code generated from the script above.
Here’s what I’m using to request the token:
```javascript
let options_token = {
  "grant_type": "authorization_code",
  "client_id": config.client_id,
  "code_verifier": verifier,
  "code": code,
  "redirect_uri": config.redirect
}
let url_token = `https://${config.domain}/oauth/token/`;
fetch(url_token, {
  method: "POST",
  body: options_token
}).then((res) => {
  //here's the token
  console.log(res)
})
```