scorpionfly
Helper II

OAuth2 Data Connector with PKCE -SHA256 hashing, is it possible?

Hi,

I am trying to implement OAuth2 in a custom connector. I should pass code_challenge_method with a value of plain or SHA256. Does Power Query have a function to do the hashing? Because, as I understand it, passing the plain value is not suggested.

"Method used to generate the challenge (e.g., S256). The PKCE spec defines two methods, S256 and plain, the former is used in this example and is the only one supported by Auth0 since the latter is discouraged."

https://auth0.com/docs/flows/call-your-api-using-the-authorization-code-flow-with-pkce#javascript-sa... 

 

@artemus 

3 REPLIES
artemus
Microsoft

You should be able to find what you need in the CryptoAlgorithm.* library. Note this library is only available to connectors.

 

E.g.

Binary.ToText(Crypto.CreateHash(CryptoAlgorithm.SHA256, Text.ToBinary(str, TextEncoding.Ascii)), BinaryEncoding.Base64)


Thanks, @artemus. And how do I generate, before hashing, the high-entropy random string called code_verifier?

This is a cryptographically random string using the characters A-Z, a-z, 0-9, and the punctuation characters -._~ (hyphen, period, underscore, and tilde), between 43 and 128 characters long.

Actually see if this works:

 

// Converts standard Base64 to base64url and strips the "=" padding, the encoding S256 uses.
Base64UrlEncodeWithoutPadding = (hash as binary) as text =>
    let
        base64Encoded = Binary.ToText(hash, BinaryEncoding.Base64),
        base64UrlEncoded = Text.Replace(Text.Replace(base64Encoded, "+", "-"), "/", "_"),
        withoutPadding = Text.TrimEnd(base64UrlEncoded, "=")
    in
        withoutPadding;

// clientId, tokenScope and redirectUri are assumed to be defined elsewhere in the connector.
MyConnector.StartLogin = (resourceUrl, state, display) =>
    let
        baseUri = ..., //Generate uri from resourceUrl
        // Two GUIDs concatenated serve as the code_verifier.
        codeVerifier = Text.NewGuid() & Text.NewGuid(),
        // code_challenge = base64url(SHA256(ASCII(code_verifier))) without padding.
        codeChallenge = Base64UrlEncodeWithoutPadding(Crypto.CreateHash(CryptoAlgorithm.SHA256, Text.ToBinary(codeVerifier, TextEncoding.Ascii))),
        authorizeUrl = baseUri & "/oauth2/authorize?" & Uri.BuildQueryString([
            client_id = clientId,
            scope = tokenScope,
            state = state,
            code_challenge_method = "S256",
            code_challenge = codeChallenge,
            redirect_uri = redirectUri,
            response_type = "code"])
    in
        [
            LoginUri = authorizeUrl,
            CallbackUri = redirectUri,
            WindowHeight = 720,
            WindowWidth = 1024,
            // Context is passed on to FinishLogin, which needs CodeVerifier for the token request.
            Context = [BaseUri = baseUri, CodeVerifier = codeVerifier]
        ];

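An added Python check (not code from this thread) of the S256 derivation that the second answer implements in M: it uses the RFC 7636 Appendix B test vector to show why the plain Base64 output of the first one-liner does not match what an authorization server recomputes, and it validates a verifier shaped like two concatenated GUIDs against the 43 to 128 character rule quoted above. The function names are illustrative, and the 36-character hyphenated GUID form is an assumption about what Text.NewGuid() returns.

```python
import base64
import hashlib
import hmac
import re
import uuid

# RFC 7636 section 4.1: 43-128 characters from A-Z a-z 0-9 - . _ ~
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")

# Test vector from RFC 7636 Appendix B.
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def is_valid_verifier(verifier: str) -> bool:
    return VERIFIER_RE.fullmatch(verifier) is not None


def s256_challenge(verifier: str) -> str:
    """BASE64URL(SHA256(ASCII(verifier))) with the '=' padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def plain_base64_challenge(verifier: str) -> str:
    """Standard Base64 of the hash: '+', '/' and '=' are left in place."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """Token-endpoint side: recompute the challenge, compare in constant time."""
    if not is_valid_verifier(presented_verifier):
        return False
    recomputed = s256_challenge(presented_verifier).encode()
    return hmac.compare_digest(recomputed, stored_challenge.encode())


def guid_pair_verifier() -> str:
    """Assumed shape of Text.NewGuid() & Text.NewGuid(): two 36-char GUIDs."""
    return str(uuid.uuid4()) + str(uuid.uuid4())


if __name__ == "__main__":
    v = guid_pair_verifier()
    print("GUID-pair verifier valid:", len(v), is_valid_verifier(v))
    print("base64url matches RFC:", s256_challenge(RFC_VERIFIER) == RFC_CHALLENGE)
    print("plain Base64 accepted:", server_accepts(plain_base64_challenge(RFC_VERIFIER), RFC_VERIFIER))
```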
