diff --git a/src/shared/components/common/modal/create-or-edit-oauth-provider-modal.tsx b/src/shared/components/common/modal/create-or-edit-oauth-provider-modal.tsx
index a0112f27..8549a122 100644
--- a/src/shared/components/common/modal/create-or-edit-oauth-provider-modal.tsx
+++ b/src/shared/components/common/modal/create-or-edit-oauth-provider-modal.tsx
@@ -50,6 +50,7 @@ interface ProviderTextFieldProps extends ProviderFieldProps {
}
type ProviderBooleanProperties =
+ | "use_pkce"
| "enabled"
| "account_linking_enabled"
| "auto_verify_email";
@@ -337,6 +338,18 @@ export default class CreateOrEditOAuthProviderModal extends Component<
handleBooleanPropertyChange,
)}
/>
+
{
show_nsfw: local_oauth_state.show_nsfw,
username: local_oauth_state.username,
answer: local_oauth_state.answer,
+ ...(local_oauth_state?.pkce_code_verifier && {
+ pkce_code_verifier: local_oauth_state.pkce_code_verifier,
+ }),
});
switch (loginRes.state) {
diff --git a/src/shared/components/home/oauth/oauth-provider-list-item.tsx b/src/shared/components/home/oauth/oauth-provider-list-item.tsx
index e87ae3f1..b538e5a2 100644
--- a/src/shared/components/home/oauth/oauth-provider-list-item.tsx
+++ b/src/shared/components/home/oauth/oauth-provider-list-item.tsx
@@ -86,6 +86,10 @@ export default function OAuthProviderListItem({
i18nKey="oauth_account_linking_enabled"
data={boolToYesNo(provider.account_linking_enabled)}
/>
+
{
+ const randomValues = crypto.getRandomValues(
+ new Uint32Array(PKCE_VERIFIER_LENGTH),
+ );
+
+ const code_verifier = urlUnpaddedBase64Encode(
+ Array.from(randomValues)
+ .map(n => PKCE_ALPHABET[n % PKCE_ALPHABET.length])
+ .join(""),
+ );
+ const code_verifier_digest = await crypto.subtle.digest(
+ PKCE_ALGORITHM,
+ new TextEncoder().encode(code_verifier),
+ );
+ const code_verifier_hash = new Uint8Array(code_verifier_digest);
+
+ let code_challenge = "";
+ for (let i = 0; i < code_verifier_hash.byteLength; i++) {
+ code_challenge = code_challenge.concat(
+ String.fromCharCode(code_verifier_hash[i]),
+ );
+ }
+
+ return [urlUnpaddedBase64Encode(code_challenge), code_verifier];
+}