Commit 4f04a57

alemangui and n2ygk authored
Updates "getting started" documentation (#1159)
* Updates "getting started" documentation

Adds PKCE token instructions to be in sync with 2.0 version.

Co-authored-by: Alan Crosswell <[email protected]>
1 parent 78c91d9 commit 4f04a57

2 files changed

+20
-1
lines changed

AUTHORS

Lines changed: 1 addition & 0 deletions
@@ -9,6 +9,7 @@ Contributors
99

1010
Abhishek Patel
1111
Alan Crosswell
12+
Alejandro Mantecon Guillen
1213
Aleksander Vaskevich
1314
Alessandro De Angelis
1415
Alex Szabó

docs/getting_started.rst

Lines changed: 19 additions & 1 deletion
@@ -256,13 +256,31 @@ Export ``Client id`` and ``Client secret`` values as environment variable:
256256
export ID=vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8
257257
export SECRET=DZFpuNjRdt5xUEzxXovAp40bU3lQvoMvF3awEStn61RXWE0Ses4RgzHWKJKTvUCHfRkhcBi3ebsEfSjfEO96vo2Sh6pZlxJ6f7KcUbhvqMMPoVxRwv4vfdWEoWMGPeIO
258258

259+
Now let's generate an authentication code grant with PKCE (Proof Key for Code Exchange), useful to prevent authorization code injection. To do so, you must first generate a ``code_verifier`` random string between 43 and 128 characters, which is then encoded to produce a ``code_challenge``::
260+
261+
.. sourcecode:: python
262+
263+
import random
264+
import string
265+
import base64
266+
import hashlib
267+
268+
code_verifier = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(random.randint(43, 128)))
269+
code_verifier = base64.urlsafe_b64encode(code_verifier)
270+
271+
code_challenge = hashlib.sha256(code_verifier.encode('utf-8')).digest()
272+
code_challenge = base64.urlsafe_b64encode(code_challenge).decode('utf-8').replace('=', '')
273+
274+
Take note of ``code_challenge`` since we will include it in the code flow URL. It should look something like ``XRi41b-5yHtTojvCpXFpsLUnmGFz6xR15c3vpPANAvM``.
275+
259276
To start the Authorization code flow go to this `URL`_ which is the same as shown below::
260277

261-
http://127.0.0.1:8000/o/authorize/?response_type=code&client_id=vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8&redirect_uri=http://127.0.0.1:8000/noexist/callback
278+
http://127.0.0.1:8000/o/authorize/?response_type=code&code_challenge=XRi41b-5yHtTojvCpXFpsLUnmGFz6xR15c3vpPANAvM&client_id=vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8&redirect_uri=http://127.0.0.1:8000/noexist/callback
262279

263280
Note the parameters we pass:
264281

265282
* **response_type**: ``code``
283+
* **code_challenge**: ``XRi41b-5yHtTojvCpXFpsLUnmGFz6xR15c3vpPANAvM``
266284
* **client_id**: ``vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8``
267285
* **redirect_uri**: ``http://127.0.0.1:8000/noexist/callback``
268286
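
Review bot: The added snippet at new lines 268-269 will not run on Python 3 and does not yield a valid verifier: `base64.urlsafe_b64encode(code_verifier)` is handed a `str` where bytes are required, and if it did return bytes the later `code_verifier.encode('utf-8')` would fail in turn. Base64-encoding a 43 to 128 character string also produces 60 to 172 characters, possibly with `=` padding, so the result can fall outside the 43 to 128 character range the paragraph itself states. Suggest dropping the base64 step on the verifier and drawing its characters with the `secrets` module instead of `random.choice`, since the verifier is the secret PKCE depends on and `random` is not a cryptographic generator. Separately, the challenge is a SHA-256 digest but the authorize URL at new line 278 sends only `code_challenge`; add `code_challenge_method=S256` to the URL and to the parameter list, because RFC 7636 treats a missing method as `plain`. Minor: the intro says "authentication code grant" where "authorization code grant" is meant, and its trailing `::` is redundant directly before `.. sourcecode:: python`.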
