api-management-developer-portal

Use Authorization Code Flow with PKCE instead of Implicit Flow

Open RodrigoGroener opened this issue 5 years ago • 4 comments

Currently authentication to Azure Active Directory is done with "adal-vanilla". It only supports OAuth implicit flow. Would it be possible to switch to "msal-browser" (MSAL v2) to use the authorization code flow with PKCE?

referencing last change of authentication #302 #298

RodrigoGroener, Feb 04 '21 16:02
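For reference, the PKCE part of the authorization code flow requested above, as an added example that is not part of the original thread and is not code from the developer portal, adal-vanilla or msal-browser. It shows the RFC 7636 S256 verifier and challenge, an authorization request using `response_type=code`, and the check an authorization server performs at the token endpoint; the function names, `authorizeEndpoint` and the option names are illustrative assumptions.

```javascript
// Added example: PKCE (RFC 7636) with the S256 method, for Node.js.
// Node's built-in crypto; the fallback covers ES-module contexts without require.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

// Client: fresh high-entropy code_verifier per login (32 random bytes -> 43 chars).
function createCodeVerifier() {
  return nodeCrypto.randomBytes(32).toString("base64url");
}

// S256 transform: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
function codeChallengeS256(verifier) {
  return nodeCrypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Client: authorization request. response_type is "code", not the implicit
// flow's "token", so no token is returned in the redirect URL fragment.
// authorizeEndpoint and the option names are illustrative assumptions.
function buildAuthorizeUrl(authorizeEndpoint, { clientId, redirectUri, scope, state, verifier }) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
    code_challenge: codeChallengeS256(verifier),
    code_challenge_method: "S256",
  }).toString();
  return url;
}

// Authorization server: at the token endpoint, recompute the challenge from the
// presented code_verifier and compare it with the one stored for this code.
function verifierMatches(storedChallenge, presentedVerifier) {
  // RFC 7636 section 4.1: 43-128 characters from the unreserved set.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(presentedVerifier)) return false;
  const expected = Buffer.from(storedChallenge, "ascii");
  const actual = Buffer.from(codeChallengeS256(presentedVerifier), "ascii");
  return expected.length === actual.length && nodeCrypto.timingSafeEqual(expected, actual);
}
```

An authorization code intercepted from the redirect cannot be redeemed without the matching verifier, which the client only sends in the back-channel token request.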

We are also looking for the same feature. Any idea when it will be available?

saikiran-karumuri-by, Feb 09 '21 18:02

We don't have an ETA yet, please track this issue for updates.

mikebudzynski, Feb 10 '21 18:02

@mikebudzynski Friendly bump, are there any further updates on adding support for PKCE flow? On a security review and we have been asked to look at ways to turn off implicit grant flow and that wouldn't be possible until APIM portal starts supporting auth code + PKCE.

arvind1234, Mar 26 '21 19:03

Merging the duplicate #1146 into this issue.

mikebudzynski, Nov 10 '21 22:11