Is Box support PKCE implementation?
Answered
Team - In the /login request, passing code_challenge and code_challenge_method and getting code which is being used in the token request. If I am passing code_verifier in the token request then getting expected result i.e. getting access token but if code_verifier is not present in token request still getting access token i.e. wrong. Our expectation is, token request should be failed.
-
Official comment
Hi,
I'm not sure I fully understand your question. Can you try restating it in another way?
Thanks,
Alex, Box Developer Advocate
Comment actions -
Our intention is to secure access token from the malicious user so we are trying to use PKCE.
So, In the /login request, passing code_challenge and code_challenge_method to get the code which is being used in subsequent call for token.
My question here is, if I don't specify code_verifier along with code in the token request, what should be the behavior?
-
I think you are meaning to post this on the Dropbox forum and not the Box forum... I did a quick google and found this
Please sign in to leave a comment.
Comments
3 comments