Question

Does Box support PKCE implementation?

  • May 22, 2025
  • 3 replies
  • 95 views

Team - In the /login request, I am passing code_challenge and code_challenge_method and getting a code, which is then used in the token request. If I pass code_verifier in the token request, I get the expected result, i.e. an access token, but if code_verifier is not present in the token request, I still get an access token, which is wrong. Our expectation is that the token request should fail.

3 replies

Forum|alt.badge.img

Hi, 

I'm not sure I fully understand your question. Can you try restating it in another way? 

Thanks, 

Alex, Box Developer Advocate


Forum|alt.badge.img

Our intention is to secure the access token from the malicious user, so we are trying to use PKCE.

So, in the /login request, we are passing code_challenge and code_challenge_method to get the code, which is used in the subsequent call for the token.

My question here is: if I don't specify code_verifier along with code in the token request, what should the behavior be?


Forum|alt.badge.img

I think you mean to post this on the Dropbox forum and not the Box forum... I did a quick Google and found this:

https://dropbox.tech/developers/pkce--what-and-why-