Auth0 Authorization Code Grant Flow with PKCE in C#

By | February 7, 2017

I was recently checking out Auth0 for a Xamarin Forms mobile app and trying to follow their walkthrough for authorization code grant flow with PKCE.

They have C# sample code for most other scenarios on their site, but not for this one.

Converting the Java sample to C# was straight forward, but it didn’t work. The code verifier and challenge were not right somehow.

The key was how to base64 encode the verifier and challenge. I found this in Appendix A of the RFC. You need to base64 encode without padding. Once I did my encoding using their sample code, the code verifier and challenge were generated properly and worked in the calls to Auth0.

Here’s a small helper class for creating a proper code verifier and code challenge. I’m using the PCLCrypto nuget package for the crypto bits. Note the Base64UrlEncode method. That’s where the magic happens.

Leave a Reply

Your email address will not be published. Required fields are marked *