Add 'code_verifier' parameter to token request (#1182)

Kaleb · web-flow · commit 08bfa042c194 · 2022-08-06T10:43:33.000-04:00
* Add 'code_verifier' parameter to token request Fixes #1178 * Address feedback
diff --git a/AUTHORS b/AUTHORS
@@ -49,6 +49,7 @@ Joseph Abrahams
 Jozef Knaperek
 Julien Palard
 Jun Zhou
+Kaleb Porter
 Kristian Rune Larsen
 Michael Howitz
 Paul Dekkers
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   -->
 
 ## [unreleased]
+* Add 'code_verifier' parameter to token requests in documentation
 
 ## [2.1.0] 2022-06-19
 
diff --git a/docs/getting_started.rst b/docs/getting_started.rst
@@ -305,7 +305,7 @@ Export it as an environment variable:
 
 Now that you have the user authorization is time to get an access token::
 
-    curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" "http://127.0.0.1:8000/o/token/" -d "client_id=${ID}" -d "client_secret=${SECRET}" -d "code=${CODE}" -d "redirect_uri=http://127.0.0.1:8000/noexist/callback" -d "grant_type=authorization_code"
+    curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" "http://127.0.0.1:8000/o/token/" -d "client_id=${ID}" -d "client_secret=${SECRET}" -d "code=${CODE}" -d "code_verifier=${CODE_VERIFIER}" -d "redirect_uri=http://127.0.0.1:8000/noexist/callback" -d "grant_type=authorization_code"
 
 To be more easy to visualize::
 
@@ -316,6 +316,7 @@ To be more easy to visualize::
         -d "client_id=${ID}" \
         -d "client_secret=${SECRET}" \
         -d "code=${CODE}" \
+        -d "code_verifier=${CODE_VERIFIER}" \
         -d "redirect_uri=http://127.0.0.1:8000/noexist/callback" \
         -d "grant_type=authorization_code"
 
