fsebugoutzone.org:9999

       Post AlMAtrkuAEvCDWkLTs by cheeaun@mastodon.social
 (DIR) More posts by cheeaun@mastodon.social
 (DIR) Post #AlMAtqxd7RVRkhgzg0 by cheeaun@mastodon.social
       2024-08-25T05:02:04Z
       
       0 likes, 0 repeats
       
       Gosh this PKCE stuff goes back to 2020.Reads:- Dropbox: https://dropbox.tech/developers/pkce--what-and-why-- Postman: https://blog.postman.com/pkce-oauth-how-to/- Mastodon OAuth PKCE extension PR: https://github.com/mastodon/mastodon/pull/31129- Mastodon OAuth documentation PR: https://github.com/mastodon/documentation/pull/1445#OAuth
       
 (DIR) Post #AlMAtrkuAEvCDWkLTs by cheeaun@mastodon.social
       2024-08-26T08:25:35Z
       
       0 likes, 0 repeats
       
       @thisismissem 2 questions:1. Is there a way to detect if the oauth endpoint supports PKCE? I guess per-instance?2. Does the `/oauth/token` endpoint support the additional `code_verifier` param?
       
 (DIR) Post #AlMAtsWlIJCcbx8Z4i by thisismissem@hachyderm.io
       2024-08-26T10:19:13Z
       
       1 likes, 0 repeats
       
       @cheeaun 1. yes, /.well-known/oauth-authorization-server advertises it, if that&#39;s a 404, assume no support.2. yes, per the PKCE specification.Documentation coming soon