feat: add SSO PKCE (#707)

## What kind of change does this PR introduce? Companion PR to: supabase/auth#1137 Server-Side PR: PKCE supabase/auth#1137 Co-authored-by: joel@joellee.org <joel@joellee.org>
supabase · Oct 20, 2023 · ba66b4d · ba66b4d
1 parent 58a1ee6
commit ba66b4d
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/GoTrueClient.ts b/src/GoTrueClient.ts
@@ -709,6 +709,14 @@ export default class GoTrueClient {
   async signInWithSSO(params: SignInWithSSO): Promise<SSOResponse> {
     try {
       await this._removeSession()
+      let codeChallenge: string | null = null
+      let codeChallengeMethod: string | null = null
+      if (this.flowType === 'pkce') {
+        const codeVerifier = generatePKCEVerifier()
+        await setItemAsync(this.storage, `${this.storageKey}-code-verifier`, codeVerifier)
+        codeChallenge = await generatePKCEChallenge(codeVerifier)
+        codeChallengeMethod = codeVerifier === codeChallenge ? 'plain' : 's256'
+      }
 
       return await _request(this.fetch, 'POST', `${this.url}/sso`, {
         body: {
@@ -719,6 +727,8 @@ export default class GoTrueClient {
             ? { gotrue_meta_security: { captcha_token: params.options.captchaToken } }
             : null),
           skip_http_redirect: true, // fetch does not handle redirects
+          code_challenge: codeChallenge,
+          code_challenge_method: codeChallengeMethod,
         },
         headers: this.headers,
         xform: _ssoResponse,