Questions re Wt.Auth OAuth Code Authorization Flow and PKCE

Added by Stephan Kaiser 30 days ago

I managed to implement a proof-of-concept Wt app which uses Wt.Auth to manage users, both user/password as well as third-party IdPs (Microsoft, ...).

There is a use case where a login via a Desktop app is required. The current approach using our current non-Wt IAM service uses OAuth Code Authorization Flow with PKCE in the browser.

Looking through src\Wt\Auth\OAuthTokenEndpoint.C it seems PKCE is not supported, and the client secret is required to create a token.

Did I miss something or - in case that I did not - do you have plans to implement PKCE?


Replies (2)

RE: Questions re Wt.Auth OAuth Code Authorization Flow and PKCE - Added by Stephan Kaiser 25 days ago

To follow up and future reference: I added a basic implementation of PKCE. The most drastic change is that there is a need to store the PKCE challenge value and method while the "authorize" endpoint does its work so that it is available in the "token" endpoint later on for validation.

I couldn't find a way to non-intrusively attach additional information to the existing Wt.Auth database objects, so I found another solution which works for us for now - but is not useful to other Wt developers.

A more correct solution might create a specialized database entity for this. I'm not too well versed in the Wt design to suppose what should be done here.

Other than that, working with Wt.Auth went quite well. The most difficult thing was to decode from the various slightly different examples how the puzzle pieces need to be fit together in my case.
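
A sketch of the storage and validation Stephan describes, added here as an example and not code from this thread or from Wt: `PkceStore` is a hypothetical in-memory stand-in for the per-authorization-code record that the "authorize" endpoint has to persist (in Wt that would be the specialized database entity mentioned above) and that the "token" endpoint reads back to check the `code_verifier`. It is written in Python rather than C++ because the protocol logic, not the Wt API, is the point.

```python
import base64
import hashlib
import hmac
import secrets


def b64url_nopad(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier() -> str:
    """Client side: a fresh high-entropy code_verifier (43..128 chars)."""
    return b64url_nopad(secrets.token_bytes(32))  # 32 bytes -> 43 chars


def challenge_for(verifier: str, method: str) -> str:
    """Derive code_challenge from code_verifier for the given method."""
    if method == "S256":
        return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError("unsupported code_challenge_method: %r" % method)


class PkceStore:
    """Hypothetical stand-in for the per-authorization-code record that the
    'authorize' endpoint must persist and the 'token' endpoint reads back."""

    def __init__(self) -> None:
        self._codes = {}  # authorization code -> (code_challenge, method)

    def authorize(self, code_challenge: str, method: str = "plain") -> str:
        """Authorize endpoint: issue a code and remember challenge + method."""
        if method not in ("S256", "plain"):
            raise ValueError("unsupported code_challenge_method: %r" % method)
        code = secrets.token_urlsafe(32)
        self._codes[code] = (code_challenge, method)
        return code

    def token(self, code: str, code_verifier: str) -> bool:
        """Token endpoint: consume the code (single use) and check the verifier."""
        record = self._codes.pop(code, None)  # unknown or reused code -> reject
        if record is None or not 43 <= len(code_verifier) <= 128:
            return False
        stored_challenge, method = record
        expected = challenge_for(code_verifier, method)
        # constant-time compare so the stored challenge cannot be probed byte by byte
        return hmac.compare_digest(expected, stored_challenge)
```

With the record keyed by the authorization code and popped on first use, a code presented twice or with the wrong verifier is rejected without the client secret ever being involved.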

RE: Questions re Wt.Auth OAuth Code Authorization Flow and PKCE - Added by Matthias Van Ceulebroeck 20 days ago

Hello Stephan,

you're quite right that PKCE is not supported out-of-the-box. Nor is there, as you said, a non-intrusive way to attach additional identity information to existing Wt::Auth Dbo objects. You can create new tables, and attach those to existing users/identities.
We are currently internally going over Wt::Auth, working towards a Wt::Auth2, with more extensive support for various authentication mechanisms. Not that we will implement them all, but that we will make it easier for developers to implement them, in such a way that the framework can support it well.
I don't have an ETA for this, but it is in the works.

Best,
Matthias