-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unique code_challenge per request #40
Comments
I think the chance that the code challenge would not be unique is very near zero. For storage, the constructor option can be any object that implements the Storage interface so you can do that any way you want. |
Our generated authorization urls always contains the same
Even passing a different state results in the same
Is this caused by the shared storage? |
Ah. I see what you mean. I think the package can, and probably should, clear this data from storage after it's done using it. I will consider making this change. You can just remove the storage key before making another request for now. |
Our requirements are that every request must use a unique code_challenge within a server to server connection. So in the mean time sessionstorage or localstorage arn't available.
Are there any chance setting a code verifier per user/request? The storage keys are fixed, too.
The text was updated successfully, but these errors were encountered: