PKCE Parameters for Snapchat

Question

I'm attempting to write a django-allauth Provider for Snapchat and I'm stuck at a roadblock.

Snapchat requires PKCE parameters. I first changed the AUTH_PARAMS.

'AUTH_PARAMS': {
            'code_challenge': 'state',
            'code_challenge_method': "S256"
        }

This has only resulted in invalid responses from the Snapchat API upon Access_Token Request after I have the code response.

This error the first error I got.

{'error': 'invalid_request', 'error_description': 'Invalid code_verifier length.', 'state': ''}

After overriding the SocialLogin.stash_state I receive this error.

{'error': 'invalid_grant', 'error_description': 'Invalid code_verifier.', 'state': ''}

From what I can dig through the code of all auth I can't find anything in the codebase on the PKCE parameters or base64 Url SHA256 encoding.

I'm willing to implement the solution but I'm stuck finding where to subclass the state parameters then match them after.

There are some issues around the Snapchat Docs with this as well.

https://gist.github.com/CisarJosh/733bb76a13f36f0a7944f05d257bb3f6

This is a gist of some of my attempts.

Answer 1

I think this will get you started:

from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
import secrets
import base64
import hashlib
import urllib.parse

VOCAB = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-._~0123456789"


def generate_code_verifier() -> str:
    length = max(43, secrets.randbelow(129))
    return "".join([secrets.choice(VOCAB) for i in range(0, length)])


def generate_state() -> str:
    return secrets.token_urlsafe(32)


class SnapchatProvider(OAuth2Provider):
    def get_auth_params(self, request, action):
        params = super().get_auth_params(request, action)
        code_verifier = generate_code_verifier()
        state = generate_state()
        # store this state token somewhere so it can be looked up
        challenge = hashlib.sha256(code_verifier).digest()
        encoded = base64.b64encode(challenge)
        urlencoded = urllib.parse.quote_plus(encoded)
        params.update(state=state, code_challenge=urlencoded)
        
        return params

That's my interpretation of the spec for that part.