What is Code_challenge and code_challenge_method?

I am new here. For my flutter app(android and iOS) i am referring above code. Is this the correct code I am referring? And what is code_challenge and code_challenge_method here? Can you please explain with code sample.

Hey there @iamflutteristas , welcome to the Auth0 by Okta Community!

That’s the right one. This flow allows you to authorize user without need to send application credentials to the authorization server (as mobile apps and SPAs are considered clients that can not securely store credentials, like the client_secret.) Thus multi-stage authorization is recommended.

These are used on different stages mentioned above.

code_challenge is a hash value generated from a random string. This random string is called here a code_verifier.

code_challenge_method is a function that calculates hash value of code_verifier.

You can find code samples here - Call Your API Using the Authorization Code Flow with PKCE

Please let me know if you have any follow up questions on that!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.