Anonymous
Not applicable

OAuth2 Data Connector with PKCE - SHA256 hashing, is it possible?

Hi,

I am trying to implement OAuth2 in a custom connector. I should pass code_challenge_method with a value of plain or SHA256. Does Power Query have a function to do the hashing? Because, as I understand it, passing the plain value is not suggested.

"Method used to generate the challenge (e.g., S256). The PKCE spec defines two methods, S256 and plain, the former is used in this example and is the only one supported by Auth0 since the latter is discouraged."

https://auth0.com/docs/flows/call-your-api-using-the-authorization-code-flow-with-pkce#javascript-sa... 

 

@artemus 


3 REPLIES 3
artemus
Employee

You should be able to find what you need in the CryptoAlgorithm.* library. Note this library is only available to connectors.

 

E.g.

Binary.ToText(Crypto.CreateHash(CryptoAlgorithm.SHA256, Text.ToBinary(str, TextEncoding.Ascii)), BinaryEncoding.Base64)
Anonymous
Not applicable

Thanks, @artemus. And how do I generate, before hashing, the high-entropy random string called code_verifier?

This is a cryptographically random string using the characters A-Z, a-z, 0-9, and the punctuation characters -._~ (hyphen, period, underscore, and tilde), between 43 and 128 characters long.

Actually see if this works:

 

// Base64url without padding: swap "+" and "/" for "-" and "_", then drop trailing "="
Base64UrlEncodeWithoutPadding = (hash as binary) as text =>
    let
        base64Encoded = Binary.ToText(hash, BinaryEncoding.Base64),
        base64UrlEncoded = Text.Replace(Text.Replace(base64Encoded, "+", "-"), "/", "_"),
        withoutPadding = Text.TrimEnd(base64UrlEncoded, "=")
    in
        withoutPadding;

MyConnector.StartLogin = (resourceUrl, state, display) =>
    let
        baseUri = ..., //Generate uri from resourceUrl
        // Two GUIDs concatenated: 72 characters of hex digits and hyphens
        codeVerifier = Text.NewGuid() & Text.NewGuid(),
        // S256 challenge: base64url (no padding) of SHA-256 over the ASCII verifier
        codeChallenge = Base64UrlEncodeWithoutPadding(Crypto.CreateHash(CryptoAlgorithm.SHA256, Text.ToBinary(codeVerifier, TextEncoding.Ascii))),
        authorizeUrl = baseUri & "/oauth2/authorize?" & Uri.BuildQueryString([
            client_id = clientId,
            scope = tokenScope,
            state = state,
            code_challenge_method = "S256",
            code_challenge = codeChallenge,
            redirect_uri = redirectUri,
            response_type = "code"])
    in
        [
            LoginUri = authorizeUrl,
            CallbackUri = redirectUri,
            WindowHeight = 720,
            WindowWidth = 1024,
            // Context carries the unhashed verifier forward for the token request
            Context = [BaseUri = baseUri, CodeVerifier = codeVerifier]
        ];
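
The StartLogin above stores the verifier in Context, but the thread stops before the token exchange where it is actually sent. The following is an added example, not code from the thread or from Microsoft: a FinishLogin and token request that pass that verifier as code_verifier. The "/oauth2/token" path, the MyConnector.TokenMethod name and the absence of a client_secret (public client) are assumptions; clientId and redirectUri are the same connector-level values the StartLogin code refers to.

```powerquery
// Added example: FinishLogin counterpart to the StartLogin shown in the thread.
// Assumed: "/oauth2/token" endpoint path, MyConnector.TokenMethod helper name,
// public client (no client_secret).
MyConnector.FinishLogin = (context, callbackUri, state) =>
    let
        // Query string of the redirect sent back by the authorization server
        query = Uri.Parts(callbackUri)[Query],
        result =
            if query[error]? <> null then
                // The server refused the authorize request; surface its reason
                error Error.Record(query[error], query[error_description]?, query)
            else
                MyConnector.TokenMethod(context, query[code])
    in
        result;

MyConnector.TokenMethod = (context as record, code as text) =>
    let
        response = Web.Contents(context[BaseUri] & "/oauth2/token", [
            Content = Text.ToBinary(Uri.BuildQueryString([
                grant_type = "authorization_code",
                client_id = clientId,
                code = code,
                redirect_uri = redirectUri,
                // Unhashed verifier kept in StartLogin's Context. The server
                // recomputes BASE64URL(SHA256(code_verifier)) and compares it
                // with the code_challenge from the authorize request.
                code_verifier = context[CodeVerifier]
            ])),
            Headers = [
                #"Content-Type" = "application/x-www-form-urlencoded",
                #"Accept" = "application/json"
            ],
            // Let 400/401 through so the OAuth error body can be read below
            ManualStatusHandling = {400, 401}
        ]),
        parts = Json.Document(response)
    in
        if parts[error]? <> null then
            // A verifier that does not match the challenge is reported here
            error Error.Record(parts[error], parts[error_description]?, parts)
        else
            parts;
```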
