You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While InteractiveBrowserCredential on Node and on Browsers both use the Auth Code Flow, and both use MSAL, MSAL only handles PKCE automatically on browsers. For Node, MSAL supports it, but it's not done automatically.
Public native app clients MUST implement the Proof Key for Code
Exchange (PKCE [RFC7636]) extension to OAuth, and authorization
servers MUST support PKCE for such clients, for the reasons detailed
in Section 8.1.
While InteractiveBrowserCredential on Node and on Browsers both use the Auth Code Flow, and both use MSAL, MSAL only handles PKCE automatically on browsers. For Node, MSAL supports it, but it's not done automatically.
It should be done though,
From the OAuth docs for native apps (link):
MSAL's approach for PKE is very clear and we may be able to essentially copy how MSAL is using it here: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/samples/msal-node-samples/auth-code-pkce/index.js#L87
The text was updated successfully, but these errors were encountered: