Replies: 1 comment 4 replies
-
|
Thanks for asking! Right, current OAuth implementation is web-only. I was thinking about implementing a service with the current web OAuth flow + a localhost web server as a callback. Implementing PKCE in Flet is on our TODO list though. You can help with that too. |
Beta Was this translation helpful? Give feedback.
-
|
Let me look into building a custom Cognito PKCE provider. Our whole back end is in AWS, so that's the natural choice for us. If I can get it working we'd be happy to contribute it. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you! |
Beta Was this translation helpful? Give feedback.
-
|
Is PKCE already supported but undocumented? It kind of looks that way in AuthorizationService . |
Beta Was this translation helpful? Give feedback.
-
|
Could be, but we never tested this scenario. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I'm building a desktop app using flet 0.28.3 . Reading the documentation I could find, and looking at the source code for flet.auth.oauth_provider.py , OAuthProvider requires a client secret. For a desktop app that means the client secret would need to be embedded in the code, which is insecure because anybody code dig it out. Does flet support OAuth 2 public clients and PKCE, which is the standard RFC 7636 for desktop and mobile clients?
Beta Was this translation helpful? Give feedback.
All reactions