PKCE

Proof Key for Code Exchange): For mobile or Single Page Applications (SPAs) we shoulduse Authorization Code Grant with PKCE. Keycloak PKCE client Gemini generated

Could you implement a javascript client with html with no nodejs need ?

   1    2    3    4     5     6     7     8     9    10    11   12   13    14   15    16    17    18    19    20    21    22    23   24    25   26    27    28    29    30    31    32    33    34    35    36    37    38    39    40    41    42    43    44    45    46    47    48    49    50    51    52    53    54    55    56    57    58    59    60    61    62    63    64    65    66    67    68    69    70    71    72    73    74    75    76    77    78    79    80    81    82    83    84    85    86    87    88    89    90    91    92    93    94    95    96    97    98    99   100  101   102   103   104   105   106   107  108   109   110   111   112   113   114  115   116   117   118   119  120   121  122  123

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131

PKCE (last edited 2026-01-13 22:44:47 by

class="anchor" id="line-10">

55c5493c9e336a70aa_1"><!DOCTYPE html> class="ID"><html lang="en"> class="ID"><head> <title>Azure Entra ID PKCE Client</title> <style> body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; padding: 40px; background-color: #f3f2f1; } .container { max-width: 800px; margin: auto; background: white; padding: 30px; border-radius: 4px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); } pre { background: #201f1e; color: #00eb00; padding: 15px; overflow-x: auto; border-radius: 4px; font-family: 'Cascadia Code', monospace; } button { padding: 12px 24px; cursor: pointer; background: #0078d4; color: white; border: none; font-weight: 600; } button:hover { background: #005a9e; } .hidden { display: none; } </style> class="ID"></head> class="ID"><body> class="ID"><div class="container"> <h2>Azure Entra ID Auth (Plain JS)</h2> <p id="auth-status">Checking session...</p> <button id="login-btn" class="hidden">Sign in with Microsoft</button> <button id="logout-btn" class="hidden">Sign Out</button> <h3>Token Response:</h3> <pre id="token-data">Not authenticated.</pre> class="ID"></div> class="ID"><script> // --- 1. CONFIGURE THESE THREE VALUES --- const TENANT_ID = "YOUR_TENANT_ID"; // Or "common" for multi-tenant const CLIENT_ID = "YOUR_APPLICATION_CLIENT_ID"; const REDIRECT_URI = window.location.origin + window.location.pathname; const config = { authEndpoint: `https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/authorize`, tokenEndpoint: `https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token`, // scope: "openid profile offline_access User.Read" scope: "openid profile User.Read" }; // --- PKCE CRYPTO UTILS --- async function generateCodeChallenge(codeVerifier) { const encoder = new TextEncoder(); const data = encoder.encode(codeVerifier); const digest = await window.crypto.subtle.digest("SHA-256", data); return btoa(String.fromCharCode(...new Uint8Array(digest))) .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, ""); } function generateRandomString(length) { const array = new Uint8Array(length); window.crypto.getRandomValues(array); const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; let result = ''; for (let i = 0; i < length; i++) { result += chars.charAt(array[i] % chars.length); } return result; } // --- MAIN FLOW --- async function handleAuth() { const params = new URLSearchParams(window.location.search); const code = params.get("code"); if (code) { await exchangeCodeForToken(code); window.history.replaceState({}, document.title, window.location.pathname); } else if (localStorage.getItem("azure_access_token")) { showLoggedIn(); } else { document.getElementById("login-btn").classList.remove("hidden"); } } document.getElementById("login-btn").onclick = async () => { const verifier = generateRandomString(64); localStorage.setItem("pkce_verifier", verifier); const challenge = await generateCodeChallenge(verifier); const authUrl = `${config.authEndpoint}?` + `client_id=${CLIENT_ID}&` + `response_type=code&` + `redirect_uri=${encodeURIComponent(REDIRECT_URI)}&` + `response_mode=query&` + `scope=${encodeURIComponent(config.scope)}&` + `code_challenge=${challenge}&` + `code_challenge_method=S256`; window.location.href = authUrl; }; async function exchangeCodeForToken(code) { const verifier = localStorage.getItem("pkce_verifier"); const response = await fetch(config.tokenEndpoint, { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: new URLSearchParams({ client_id: CLIENT_ID, grant_type: "authorization_code", code: code, redirect_uri: REDIRECT_URI, code_verifier: verifier // No client_secret needed for SPA/Public clients }) }); an> const data = await response.json(); if (data.access_token) { localStorage.setItem("azure_access_token", data.access_token); localStorage.setItem("full_response", JSON.stringify(data, null, 2)); showLoggedIn(); } else { alert("Error: " + data.error_description); } } an> function showLoggedIn() { document.getElementById("login-btn").classList.add("hidden"); document.getElementById("logout-btn").classList.remove("hidden"); document.getElementById("auth-status").innerText = "Status: Signed in to Azure Entra ID"; document.getElementById("token-data").innerText = localStorage.getItem("full_response"); } an> document.getElementById("logout-btn").onclick = () => { localStorage.clear(); window.location.reload(); }; an> handleAuth(); class="ID"></script> class="ID"></body> class="ID"></html> class="nonexistent" href="/vitor" title="vitor @ 127.0.0.1[127.0.0.1]">vitor)

PKCE

Azure Entra ID PKCE client - Gemini generated