While I understand this topic has been previously discussed, I believe it's still relevant due to the similarity in my use case.
I'm currently integrating Discord login into my application using the OpenID Connect identity provider. My goal is to implement a custom user experience that doesn't rely on FusionAuth's hosted login pages.
As mentioned in previous discussions, the current documentation doesn't provide a way to pass the PKCE code_verifier when requesting the "Complete an OpenID Connect Login" endpoint.
I'd like to propose two improvements:
Allow passing code, code_verifier (optional), and redirect_uri in the request payload. This would be more flexible and allow the usage of PKCE;
Allow passing an access token directly. This would eliminate the need for FusionAuth to process the exchange step, similar to how Facebook's identity provider works (for example). This would probably also require the configuration of an endpoint to fetch the user email or username.
As a side note, since Discord's access_token is not a JWT, I believe this cannot be done using the "External JWT" identity provider.
Hope you can help me with this.
Thanks!
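
The failure mode behind the first proposal, as an added example that is not part of the original post and is not FusionAuth or Discord code: when the application starts the authorization request itself with a PKCE code_challenge, the token exchange succeeds only if the party redeeming the code also holds the code_verifier. `UpstreamProvider`, `broker_complete_login`, the payload shape and the redirect URI are hypothetical stand-ins; the S256 transform follows RFC 7636.

```python
import base64, hashlib, hmac, secrets

def s256(verifier):
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def make_pkce_pair():
    """Return (code_verifier, code_challenge); 32 random bytes give a 43-char verifier."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    return verifier, s256(verifier)

class UpstreamProvider:
    """Constructed stand-in for the external OpenID Connect provider."""
    def __init__(self):
        self._codes = {}  # code -> (redirect_uri, code_challenge)

    def authorize(self, redirect_uri, code_challenge):
        code = secrets.token_urlsafe(16)
        self._codes[code] = (redirect_uri, code_challenge)
        return code

    def token(self, code, redirect_uri, code_verifier=None):
        stored = self._codes.pop(code, None)  # authorization codes are single use
        if stored is None or stored[0] != redirect_uri:
            return {"error": "invalid_grant"}
        # The challenge was bound to the code, so a missing or wrong verifier is rejected.
        if code_verifier is None or not hmac.compare_digest(s256(code_verifier), stored[1]):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}

def broker_complete_login(provider, payload):
    """Hypothetical broker step: redeems the code with whatever the app supplied."""
    return provider.token(payload["code"], payload["redirect_uri"],
                          payload.get("code_verifier"))

def demo():
    provider = UpstreamProvider()
    redirect_uri = "https://app.example/callback"  # constructed value
    verifier, challenge = make_pkce_pair()
    code = provider.authorize(redirect_uri, challenge)
    without = broker_complete_login(provider, {"code": code, "redirect_uri": redirect_uri})
    code = provider.authorize(redirect_uri, challenge)
    with_verifier = broker_complete_login(provider, {
        "code": code, "redirect_uri": redirect_uri, "code_verifier": verifier})
    return without, with_verifier

if __name__ == "__main__":
    print(demo())
```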