Add support for "grantType" as alias for PKCE #235
Conversation
aarongranick-okta
commented
Aug 7, 2019
•
aarongranick-okta
commented
- grantType will be deprecated in v3.0 https://oktainc.atlassian.net/browse/OKTA-242989
- simplify getDefaultOauthParams()
- add additional testing around constructor / options
|
|
| @@ -31,14 +31,16 @@ function OktaAuthBuilder(args) { | |||
| var sdk = this; | |||
|
|
|||
| var url = builderUtil.getValidUrl(args); | |||
| // OKTA-242989: support for grantType will be removed in 3.0 | |||
| var usePKCE = args.pkce || args.grantType === 'authorization_code'; | |||
There was a problem hiding this comment.
This change overrides my configuration when I have pkce: false and grantType: 'authorization_code'.
Do you 'have' to use pkce with an auth_code grant?
There are a few places in the code that do this type of boolean coalesce operation that override an explicit parameter that is already set to false
There was a problem hiding this comment.
The grantType parameter was added specifically for PKCE, it has no other function. We have deprecated it because of the confusion it has caused with non-PKCE ("standard") authorization_code flow. To perform "standard" authorization_code flow, you should set the responseType to ['code']. Do not use the grantType option, it is only an alias for pkce and we will remove it in the near future.
