The documentation for the OAuth authentication option doesn’t talk about PKCE [1]. Given that, for example, Microsoft Identity Platform recommends/requires [2] PKCE parameters (code_challenge and code_challenge_method when obtaining the auth-code, and code_verifier when exchanging the auth-code for an access token and/or refresh token), are there any plans to support it?
It seems the PKCE issue has still not been resolved even after more than a year. I’m also struggling with the same concern. At this point, the only options seem to be either disabling the PKCE-required default on the server or customizing the backend logic to not require PKCE for a specific client_id. How have you resolved this issue? If anyone has a smart solution, I’d appreciate it if they could share it.
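An added example, not part of the posts above and not the product's own code: the three PKCE parameters named in the first post, with the S256 check an authorization server applies when it requires PKCE, as in the second post. The function names are hypothetical, and the client and server are sketched only as parameter builders and a verification function.

```python
# Added illustration of PKCE (RFC 7636); function names are hypothetical.
import base64
import hashlib
import hmac
import secrets

def b64url(data: bytes) -> str:
    """Base64url without '=' padding (RFC 7636 encoding)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes -> 43-character verifier, kept only by the client."""
    return b64url(secrets.token_bytes(32))


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def authorization_params(client_id, redirect_uri, state, code_verifier) -> dict:
    """Authorization request: send the challenge, never the verifier."""
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    }


def token_params(client_id, redirect_uri, code, code_verifier) -> dict:
    """Token request: the verifier proves this client started the flow."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": code_verifier,
    }


def server_accepts(stored_challenge, stored_method, presented_verifier) -> bool:
    """Server-side check when PKCE is required: a missing value is rejected."""
    if not stored_challenge or not presented_verifier or stored_method != "S256":
        return False
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)
```

A client that omits `code_challenge` on the first request has nothing for the server to store, so `server_accepts` fails at the token step; that is the failure a PKCE-required server produces for a client without PKCE support.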