PKCE documentation

ORY Hydra
#1

Excuse me, can hydra have a document describing the configuration and use of pkce?

#2

I think that’s a good idea! A good place would probably be around here: https://www.ory.sh/docs/hydra/advanced#creating-a-public-oauth-20-client

Basically what you have to do is to create a public client like so:

hydra clients create --endpoint http://ory-hydra-admin-api --token-endpoint-auth-method none

And then you should already be good to go!

#3

Thanks for your answers

#4

Hi, I’ve been looking around for PKCE documents and hydra and am new to open id and oauth 2.0… Im trying it out based on what we have… Any other documents would help.
im trying to get code_challenge, etc in too.

Let me know if this should be a new topic. I thought putting it together with this documentation make sense…
I did the following:

  1. A quickstart hydra server built.
    docker-compose -f quickstart.yml -f quickstart-postgres.yml up --build
  2. As per above…
    docker-compose -f quickstart.yml exec hydra
    hydra clients create
    –endpoint 127.0.0.1:4445
    –token-endpoint-auth-method none
    –id auth-code-client
    –scope openid
    –callbacks 127.0.0.1:5555/callback

OAuth 2.0 Client ID: auth-code-client
This OAuth 2.0 Client has no secret

  1. http://127.0.0.1:4445/oauth2/auth?access_type=offline&client_id=auth-code-client&code_challenge=ahsbr8liNiieY9JKiSoX0EEVK52xrlGCFvM-zG-Tuhc&code_challenge_method=S256&redirect_uri=http%3A%2F%2F127.0.0.1%3A5555%2Fcallback&response_type=code&scope=openid&state=some-state

I seem to go to the login with a login challenge… logging into it ask for authorization before returning a code

Is the above right?

#5

Looks ok!

#6

Thanks!