Forum Xamarin.Forms
We are excited to announce that the Xamarin Forums are moving to the new Microsoft Q&A experience. Q&A is the home for technical questions and answers at across all products at Microsoft now including Xamarin!

We encourage you to head over to Microsoft Q&A for .NET for posting new questions and get involved today.

Essentials Web Authenticator does not provide PKCE support

JohnBotibolJohnBotibol GBMember ✭✭

Since it is the recommended flow to support mobile clients using OpenID Connect it seems surprising that Web Authenticator does not appear to support PKCE.
I have seen David Britch's post where he combines Web Authenticator with IdentityModel.OidcClient however that has a bit of a problem on iOS when the Authority supports shared cookies and thus pops the iOS Sign In permission. Declining that causes an NSErrorException to be thrown in WebAuthenticator. Also, this OidcClient tends to be quite slow, presumably because it's parsing the discovery document.
Does anyone know if it is planned to support more complex flows using WebAuthenticator?


  • bobcarolgeesbobcarolgees Member ✭✭

    I have not found to to be particularly slow, apart from the first time IdentityServer is cranked up... The process described in David Birtch's post does use PKCE... You just don't have to handle all the challenge and code verifier as this is all done for you under the hood. If you fill in the OidcClientOptions and then check the StartUrl, you will see it has a challenge etc in the url.

  • JohnBotibolJohnBotibol GBMember ✭✭

    Yes, I am of course aware that PKCE is supported - by IdentityModel.OidcClient though. Regarding the speed issue, if you have all of the required information regarding your auth server then you can set ProviderInformation in OidcClientOptions after which the client no longer needs to parse the discovery document.

Sign In or Register to comment.