OAuth 2.0 is the framework behind most modern sign-in and API authorization flows. PKCE (Proof Key for Code Exchange, RFC 7636) is an extension that protects the authorization code flow against authorization code interception: an attacker who captures the code on its way back to the client cannot redeem it for a token. Starting with 4D 20 R5, PKCE can be enabled directly in 4D NetKit's OAuth 2.0 authentication.
Setting the new initialization parameter PKCEEnabled to True in the cs.NetKit.OAuth2Provider class activates PKCE for the authorization code flow. The client generates a random secret (the code_verifier), sends only its SHA-256 hash (the code_challenge) with the authorization request, and then presents the original code_verifier when it exchanges the authorization code for a token; the authorization server rejects the exchange if the two do not match. This matters most for desktop and other public clients, where a code returned through a loopback redirect or custom URL scheme can be observed by other software on the machine. Enabling PKCE is a single parameter change and is invisible to the user.
For instance, to obtain a token for a Google account using PKCE, you only need to write:
var $credential:={}
// Google
$credential.name:="Google"
$credential.permission:="signedIn"
$credential.clientId:="499730xxx"
$credential.clientSecret:="fc1kwxxx"
$credential.redirectURI:="http://127.0.0.1:50993/authorize/"
$credential.scope:="https://mail.google.com/"
// PKCE activation: NetKit sends the code_challenge with the authorization
// request and the matching code_verifier with the token request
$credential.PKCEEnabled:=True
var $oauth2:=cs.NetKit.OAuth2Provider.new($credential)
// Try() traps a failure instead of interrupting the method; check the result
var $token:=Try($oauth2.getToken())
If ($token=Null)
	ALERT("Error: "+Last errors[0].message)
End if
Note that PKCE is only available for permission="signedIn" (the authorization code flow). PKCE protects the authorization code; it does not turn a clientSecret shipped inside a desktop application into a real secret, so do not rely on that value for anything beyond what the identity provider requires.
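To make the mechanism NetKit switches on concrete, here is an added, stand-alone Python example of the PKCE exchange from RFC 7636 with both sides written out. It is not 4D NetKit code and not Google's implementation: the code_verifier generation, the S256 code_challenge, the authorization URL, and a constructed toy authorization server that binds the challenge to the code it issues and checks the verifier at the token endpoint. The endpoint URL is a placeholder; the client id, redirect URI and scope are copied from the 4D example above so the two can be read side by side.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 section 4.1: a high-entropy random string of 43..128 characters
    from the unreserved set [A-Za-z0-9-._~]. base64url of 32 random bytes is 43 chars."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))),
    without '=' padding. Only the challenge leaves the client before the token request."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(auth_endpoint: str, client_id: str, redirect_uri: str,
                            scope: str, code_challenge: str, state: str) -> str:
    """Authorization request carrying the challenge and its method (never the verifier)."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return auth_endpoint + "?" + urlencode(params)


class ToyAuthorizationServer:
    """Constructed stand-in for the server side of PKCE (not Google's server, not NetKit).
    It remembers the challenge bound to each issued code and checks the verifier at /token."""

    def __init__(self) -> None:
        self._pending = {}  # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, url: str) -> str:
        """Handle the authorization request; refuse to issue a code without a S256 challenge."""
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        if q.get("code_challenge_method") != "S256" or "code_challenge" not in q:
            raise ValueError("PKCE challenge missing: refusing to issue an authorization code")
        code = secrets.token_urlsafe(16)
        self._pending[code] = (q["client_id"], q["redirect_uri"], q["code_challenge"])
        return code

    def token(self, code: str, code_verifier: str, client_id: str, redirect_uri: str) -> bool:
        """Token request: the code is single use, must match the client and redirect it was
        issued for, and the presented verifier must hash to the stored challenge."""
        entry = self._pending.pop(code, None)  # consumed whether or not the check passes
        if entry is None:
            return False
        bound_client, bound_redirect, bound_challenge = entry
        if client_id != bound_client or redirect_uri != bound_redirect:
            return False
        # Recompute the challenge from the verifier and compare in constant time
        return hmac.compare_digest(s256_challenge(code_verifier), bound_challenge)


def demo() -> tuple:
    """Legitimate exchange, then an attacker who intercepted a code but not the verifier."""
    server = ToyAuthorizationServer()
    client_id = "499730xxx"                                # from the 4D example
    redirect_uri = "http://127.0.0.1:50993/authorize/"     # loopback redirect, as in the 4D example
    verifier = make_code_verifier()
    url = build_authorization_url("https://accounts.example/o/oauth2/auth",  # placeholder endpoint
                                  client_id, redirect_uri, "https://mail.google.com/",
                                  s256_challenge(verifier), secrets.token_urlsafe(8))
    code = server.authorize(url)  # travels back to the client over the loopback redirect
    legit_ok = server.token(code, verifier, client_id, redirect_uri)

    # Second authorization: the attacker observes this code on the redirect but holds no verifier
    stolen_code = server.authorize(url)
    attacker_ok = server.token(stolen_code, make_code_verifier(), client_id, redirect_uri)
    return legit_ok, attacker_ok
```

Running demo() yields (True, False): the client that generated the verifier gets its token, and the party holding only the intercepted code is refused. The S256 method is the one worth using; the "plain" method defined in the same RFC sends the verifier itself as the challenge and gives no protection against an attacker who can read the authorization request.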
For more detailed information on integrating PKCE into your OAuth 2.0 authentication processes, please refer to 4D NetKit documentation.