Implementing PKCE with email password login for iOS

I am trying to implement PKCE for login with email and password. For that, I see this function codeExchange(withCode:codeVerifier:redirectURI:), but I don’t find any way to make this work with the login function I am currently using, which is login(usernameOrEmail:password:realmOrConnection:audience:scope:). I would like to know if this login function is already following PKCE under the hood. If it’s not, how do I make it work?

Hi @sayed,

Welcome to the Auth0 Community!

The login method you’ve posted here is for the password-realm extension grant.

This grant is entirely separate from PKCE. If you are passing the username/password directly from your application, you are not using the Auth Code + PKCE grant.

The auth code + PKCE grant is specifically for redirect-based login. There’s a good diagram here: Authorization Code Flow with Proof Key for Code Exchange (PKCE).

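The PKCE half of the redirect-based flow discussed above, as an added example that is not part of the original thread and is not Auth0 SDK code: the app creates a random verifier, sends only its S256 challenge with the authorization request, and reveals the verifier when it exchanges the code. The type and function names and the `auth.example.invalid` endpoint are hypothetical; the parameter names come from RFC 7636.

```swift
import CryptoKit
import Foundation
import Security

enum PKCEError: Error { case randomSourceFailed }

struct PKCEPair {
    let verifier: String   // stays on the device until the code exchange
    let challenge: String  // travels in the authorization request
    let method = "S256"
}

// Base64url without padding, the encoding RFC 7636 uses for both values.
func base64URL(_ data: Data) -> String {
    data.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

// S256 transform: BASE64URL(SHA256(ASCII(code_verifier))).
func challenge(for verifier: String) -> String {
    base64URL(Data(SHA256.hash(data: Data(verifier.utf8))))
}

func makePKCEPair() throws -> PKCEPair {
    var bytes = [UInt8](repeating: 0, count: 32)  // 32 random bytes give a 43-character verifier
    guard SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes) == errSecSuccess else {
        throw PKCEError.randomSourceFailed
    }
    let verifier = base64URL(Data(bytes))
    return PKCEPair(verifier: verifier, challenge: challenge(for: verifier))
}

// What the authorization server does at the token endpoint: recompute the
// challenge from the presented verifier and compare it with the stored one.
func serverAccepts(verifier: String, storedChallenge: String) -> Bool {
    challenge(for: verifier) == storedChallenge
}

// Constructed demo with a placeholder endpoint (assumption, not a real tenant).
let pair = try makePKCEPair()
var request = URLComponents(string: "https://auth.example.invalid/authorize")!
request.queryItems = [
    URLQueryItem(name: "response_type", value: "code"),
    URLQueryItem(name: "code_challenge", value: pair.challenge),
    URLQueryItem(name: "code_challenge_method", value: pair.method),
]
print(request.url!)  // the redirect-based request; the verifier is not in it
print(serverAccepts(verifier: pair.verifier, storedChallenge: pair.challenge))
// A party holding only the authorization code has no matching verifier:
print(serverAccepts(verifier: try makePKCEPair().verifier, storedChallenge: pair.challenge))
```

The password-realm grant has no authorization code and no redirect, so there is no point in that exchange at which a verifier or challenge would be presented.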

Hi @dan.woda

Thanks for the reply. It helped us to clarify our understanding.
