Skip to content

These low-level functions can be used to assemble a custom flow for APIs that are further from the spec:

  • oauth_flow_auth_code_url() generates the url that should be opened in a browser.

  • oauth_flow_auth_code_listen() starts a temporary local webserver that listens for the response from the resource server.

  • oauth_flow_auth_code_parse() parses the query parameters returned from the server redirect, verifying that the state is correct, and returning the authorisation code.

  • oauth_flow_auth_code_pkce() generates code verifier, method, and challenge components as needed for PKCE, as defined in RFC 7636.

Usage

oauth_flow_auth_code_url(
  client,
  auth_url,
  redirect_uri = NULL,
  scope = NULL,
  state = NULL,
  auth_params = list()
)

oauth_flow_auth_code_listen(redirect_uri = "http://localhost:1410")

oauth_flow_auth_code_parse(query, state)

oauth_flow_auth_code_pkce()

Arguments

state

Random state generated by oauth_flow_auth_code(). Used to verify that we're working with an authentication request that we created. (This is an unlikely threat for R packages since the webserver that listens for authorization responses is transient.)

query

List of query parameters returned by oauth_flow_auth_code_listen().