Hi all. Newbie to RC here, so perhaps I am doing something wrong. But...
In a browser (Firefox) using javascript and the RC js SDK, I am trying to implement the OAuth2 3 legged flow using PKCE and "top frame setup" (see Top frame setup on the JS SDK page). FYI I have successfully implemented the "Popup setup" described on the same page.
In the Top frame setup, when my redirectUri landing page calls rcsdk.login(loginOptions) the SDK throws an error with message "code_verifier required". It looks to me like the SDK is not sending the code_verifier when making the authorization_code request to the RC Auth server and so the RC Auth servers response is a 400 bad request.
I am not sure how the SDK would know the value of the code_verifier as I believe it was generated on the main page when the loginUrl was created and I don't see how in this scenario the landing page SDK is going to have that info. So, perhaps PKCE is not possible using the top frame setup?
I have attached in a zip including simplified versions of the main page and redirectUri page html/js for your viewing pleasure.
Any advice or insight would be appreciated.
Thanks. -- David