I am trying to implement PKCE for login with email and password. For that, I see this function codeExchange(withCode:codeVerifier:redirectURI:) but I don’t find any way to make this work with the login function I am currently using, which is login(usernameOrEmail:password:realmOrConnection:audience:scope:). I would like to know if this login function is already following PKCE under the hood. If it’s not, how do I make it work?
Hi @sayed,
Welcome to the Auth0 Community!
The login method you’ve posted here is for the password-realm extension grant.
This grant is entirely separate from PKCE. If you are passing the username/password directly from your application, you are not using the Auth Code + PKCE grant.
The auth code + PKCE grant is specifically for redirect-based login. There’s a good diagram here: Authorization Code Flow with Proof Key for Code Exchange (PKCE).
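The two legs of the redirect-based flow that codeExchange(withCode:codeVerifier:redirectURI:) belongs to, as an added Python example that is not part of the original posts or of the Auth0 SDK. ToyAuthorizationServer, run_flow and holder_has_verifier are hypothetical names, and the server is a constructed in-memory stand-in.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Client side: 32 random bytes give a 43-character verifier."""
    return b64url(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    """Client side: code_challenge = BASE64URL(SHA256(ASCII(verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class ToyAuthorizationServer:
    """Constructed stand-in: remembers the challenge for each issued code."""

    def __init__(self):
        self._pending = {}

    def authorize(self, code_challenge: str) -> str:
        # Leg 1 (browser redirect): the challenge arrives with the
        # authorization request and is stored beside the one-time code.
        code = secrets.token_urlsafe(16)
        self._pending[code] = code_challenge
        return code

    def exchange(self, code: str, code_verifier: str) -> bool:
        # Leg 2 (token request): the code is single use, and the verifier
        # must hash to the challenge recorded in leg 1.
        expected = self._pending.pop(code, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected, s256_challenge(code_verifier))


def run_flow(holder_has_verifier: bool = True) -> bool:
    """Run both legs; optionally redeem the code without the real verifier."""
    server = ToyAuthorizationServer()
    verifier = new_code_verifier()
    code = server.authorize(s256_challenge(verifier))
    presented = verifier if holder_has_verifier else new_code_verifier()
    return server.exchange(code, presented)
```

A username/password grant sends credentials straight to the token endpoint, so it has no leg 1 in which a challenge could be registered for a later verifier to match.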
Hi @dan.woda
Thanks for the reply. It helped us to clarify our understanding.