Add PKCE sample in docs

JonathanHuot · JonathanHuot · commit 9e6f5813c183 · 2024-02-27T08:34:30.000+01:00
Changed default behavior of having client_id i params when secret does not exist
diff --git a/HISTORY.rst b/HISTORY.rst
@@ -12,6 +12,7 @@ v1.4.0 (TBD)
 - Add support for Python 3.8-3.12
 - Remove support of Python 2.x, <3.7
 - Migrated to Github Action
+- Add PKCE support
 
 
 v1.3.1 (21 January 2022)
diff --git a/docs/examples/examples.rst b/docs/examples/examples.rst
@@ -10,6 +10,7 @@ Examples
    github
    google
    linkedin
+   native_spa_pkce_auth0
    outlook
    spotify
    tumblr
diff --git a/docs/examples/native_spa_pkce_auth0.py b/docs/examples/native_spa_pkce_auth0.py
@@ -0,0 +1,20 @@
+
+client_id = 'your_client_id'
+
+authorization_base_url = "https://dev-foobar.eu.auth0.com/authorize"
+token_url = "https://dev-foobar.eu.auth0.com/oauth/token"
+scope = ["openid"]
+
+from requests_oauthlib import OAuth2Session
+redirect_uri = 'http://localhost:8080/callback'
+
+session = OAuth2Session(client_id, scope=scope, redirect_uri=redirect_uri, pkce="S256")
+authorization_url, state = session.authorization_url(authorization_base_url,access_type="offline")
+
+print("Please go here and authorize:")
+print(authorization_url)
+
+redirect_response = input('Paste the full redirect URL here: ')
+
+token = session.fetch_token(token_url, authorization_response=redirect_response)
+print(token)
diff --git a/docs/examples/native_spa_pkce_auth0.rst b/docs/examples/native_spa_pkce_auth0.rst
@@ -0,0 +1,12 @@
+Native or SPA Tutorial with PKCE in Auth0
+=========================================
+
+Setup a new web project in the Auth0 Dashboard, (application type: Native application or Single Page Web Application)_
+
+Note this sample is valid for any Identity Providers supporting OAuth2.0 Authorization Code with PKCE.
+
+When you have obtained a ``client_id``, and registered
+a callback URL then you can try out the command line interactive example below.
+
+.. literalinclude:: native_spa_pkce_auth0.py
+  :language: python
diff --git a/requests_oauthlib/oauth2_session.py b/requests_oauthlib/oauth2_session.py
@@ -330,6 +330,11 @@ def fetch_token(
 
         # otherwise we may need to create an auth header
         else:
+            # In case client_secret is none, it means we are in public clients
+            # so OAuth2 AS should read client_id into params instead of Basic Auth.
+            if client_secret is None:
+                include_client_id = True
+
             # since we don't have an auth header, we MAY need to create one
             # it is possible that we want to send the `client_id` in the body
             # if so, `include_client_id` should be set to True
