oauth-pkse-flow.js

// Step One: Generate a verifier

function base64URLEncode(str) {
    return str.toString('base64')
        .replace(/\+/g, '-')
        .replace(/\//g, '_')
        .replace(/=/g, '')
}
var verifier = base64URLEncode(crypto.randomBytes(32))

// Step Two: Generate a challenge from the verifier

function sha256(buffer) {
    return crypto.createHash('sha256').update(buffer).digest()
}
var challenge = base64URLEncode(sha256(verifier))

// Step Three: Direct your user to the GET /oauth/authorize endpoint
//
// Example URL: https://example.org/oauth/authorize
// Params: client_id=<CLIENT_ID>
//         redirect_uri=http://127.0.0.1:8990/callback
//         response_type=code
//         code_challenge=<CHALLENGE_VAR>
//         code_challenge_method=S256

// Step Four: Callback is given code parameter.

var code = request.parameters('code')

// Step Five: Request token providing the code_verifier

// Example URL: https://example.org/oauth/token
// Params: client_id=<CLIENT_ID>
//         redirect_uri=http://127.0.0.1:8990/callback
//         grant_type=authorization_code
//         code=<CODE_VAR>
//         code_verifier=<VERIFIER_VAR>

fetch(url, { method: 'POST' })
  .then((res) => { res.json() })
  .then((payload) => {
    var accessToken = payload.access_token
  })