Explain LocalOAuth2ImplementationWithPkce in application credentials (#2584)

* Explain LocalOAuth2ImplementationWithPkce in application credentials * Adjusted imports in sample code * Remove URL anchor --------- Co-authored-by: Martin Hjelmare <marhje52@gmail.com>
2025-07-19 15:26:29 +00:00 · 2025-03-17 21:12:48 +01:00 · 2025-03-17 21:12:48 +01:00 · abb16b8822
commit abb16b8822
parent d3f358deb3
1 changed files with 26 additions and 1 deletions
--- a/docs/core/platform/application_credentials.md
+++ b/docs/core/platform/application_credentials.md
@ -74,6 +74,31 @@ async def async_get_auth_implementation(
    )
 ```

+### Authorization flow with PKCE Support
+
+If you want to support [PKCE](https://www.rfc-editor.org/rfc/rfc7636) you can return the `LocalOAuth2ImplementationWithPkce` in `application_credentials.py` as follows:
+
+```python
+from homeassistant.core import HomeAssistant
+from homeassistant.helpers.config_entry_oauth2_flow import AbstractOAuth2Implementation, LocalOAuth2ImplementationWithPkce
+from homeassistant.components.application_credentials import AuthImplementation, ClientCredential
+
+
+async def async_get_auth_implementation(
+    hass: HomeAssistant, auth_domain: str, credential: ClientCredential
+) -> AbstractOAuth2Implementation:
+    """Return auth implementation for a custom auth implementation."""
+    return LocalOAuth2ImplementationWithPkce(
+        hass,
+        auth_domain,
+        credential.client_id,
+        authorize_url="https://example.com/auth",
+        token_url="https://example.com/oauth2/v4/token",
+        client_secret=credential.client_secret, # optional `""` is default
+        code_verifier_length=128 # optional
+    )
+```
+
 ## Import YAML credentials

 Credentials may be imported by integrations that used to accept YAML credentials using the import API `async_import_client_credential` provided by the application credentials integration.