只是使用 expo 构建一个需要与 Epic 连接的应用程序,我使用 expo-auth-session 作为身份验证库,代码如下:
import {
useAuthRequest,
CodeChallengeMethod,
makeRedirectUri,
} from "expo-auth-session"
const { codeChallenge, codeVerifier } = pkceChallenge();
const [ , , promptAsync] = useAuthRequest(
{
usePKCE: true,
responseType: "code",
clientId: epicClientId,
redirectUri,
scopes: ['fhirUser'],
codeChallengeMethod: CodeChallengeMethod.S256,
codeChallenge: codeChallenge,
extraParams: {
aud: 'my FHIR R4 URL'
}
},
{
authorizationEndpoint: 'authorizationEndpoint from epic',
tokenEndpoint: "tokenEndpoint from epic",
}
);
但总是出现这样的错误
{"authentication": null, "error": [Error: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
More info: PKCE required for unsecured redirects], "errorCode": null, "params": {"error": "invalid_request", "error_description": "PKCE required for unsecured redirects", "state": "6Tul1Tw6mW"}, "type": "error", "url": "exp://192.168.1.9:8081/?error=invalid_request&error_description=PKCE+required+for+unsecured+redirects&state=6Tul1Tw6mW"}
我知道expo在本地使用像exp://192.168.1.9:8081这样的url,但我想我已经正确设置了codeChallengeMethod和codeChallenge,还在服务器的redirectURI列表中将exp://192.168.1.9:8081设置为redirectURI,所以真的不知道出了什么问题,有人有线索吗?
好像每个服务器之间的 PKCE 策略都不同,一些医疗部门可能会使用严格的策略,不允许任何自定义 url,如 myapp://main,我最后只是弹出一个 webview 来完成整个 OAuth 过程,然后监控url 并获取我想要的代码,只是想提醒其他人不要在这上面浪费时间