Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Atlanta from March 16 - 20, 2026, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM. Register now.

Reply
Anonymous
Not applicable

OAuth2 Data Connector with PKCE -SHA256 hashing, is it possible?

‎01-20-2021 02:19 AM

Hi,

I am trying to implement OAuth2 in custom connector. I should pass code_challenge_method with a value plain or  SHA256. Does Power Query has an function to do the hashing? Because how I understand pass plain value, not suggested.

"Method used to generate the challenge (e.g., S256). The PKCE spec defines two methods, S256 and plain, the former is used in this example and is the only one supported by Auth0 since the latter is discouraged."

https://auth0.com/docs/flows/call-your-api-using-the-authorization-code-flow-with-pkce#javascript-sa... 

 

@artemus 

Labels:
Message 1 of 4
3,419 Views
0
2 ACCEPTED SOLUTIONS
artemus
Microsoft Employee
Microsoft Employee

‎01-20-2021 05:33 AM

You should be able to find what you need in the CryptoAlgorithm.* library. Note this library is only avialable to connectors.

 

E.g.

Binary.ToText(Crypto.CreateHash(CryptoAlgorithm.SHA256, Text.ToBinary(str, TextEncoding.Ascii)), BinaryEncoding.Base64)

View solution in original post

Message 2 of 4
3,383 Views
0
artemus
Microsoft Employee
Microsoft Employee
In response to Anonymous

‎01-20-2021 06:41 AM

Actually see if this works:

 

Base64UrlEncodeWithoutPadding = (hash as binary) as text =>
    let
        base64Encoded = Binary.ToText(hash, BinaryEncoding.Base64),
        base64UrlEncoded = Text.Replace(Text.Replace(base64Encoded, "+", "-"), "/", "_"),
        withoutPadding = Text.TrimEnd(base64UrlEncoded, "=")
    in 
        withoutPadding;

MyConnector.StartLogin = (resourceUrl, state, display) =>
    let
        baseUri = ..., //Generate uri from resourceUrl
        codeVerifier = Text.NewGuid() & Text.NewGuid(),
        codeChallenge = Base64UrlEncodeWithoutPadding(Crypto.CreateHash(CryptoAlgorithm.SHA256, Text.ToBinary(codeVerifier, TextEncoding.Ascii))),
        authorizeUrl = baseUri & "/oauth2/authorize?" & Uri.BuildQueryString([
            client_id = clientId,
            scope = tokenScope,
            state = state,
            code_challenge_method = "S256",
            code_challenge = codeChallenge,
            redirect_uri = redirectUri,
            response_type = "code"])
    in
        [
            LoginUri = authorizeUrl,
            CallbackUri = redirectUri,
            WindowHeight = 720,
            WindowWidth = 1024,
            Context = [BaseUri = baseUri, CodeVerifier = codeVerifier]
        ];

View solution in original post

Message 4 of 4
3,378 Views
3 REPLIES 3
artemus
Microsoft Employee
Microsoft Employee

‎01-20-2021 05:33 AM

You should be able to find what you need in the CryptoAlgorithm.* library. Note this library is only avialable to connectors.

 

E.g.

Binary.ToText(Crypto.CreateHash(CryptoAlgorithm.SHA256, Text.ToBinary(str, TextEncoding.Ascii)), BinaryEncoding.Base64)
Message 2 of 4
3,384 Views
0
Anonymous
Not applicable
In response to artemus

‎01-20-2021 05:40 AM

thanks...@artemus and how generate, before hashing, high-entropy random string called code_verifier-

This is a cryptographically random string using the characters A-Z, a-z, 0-9, and the punctuation characters -._~ (hyphen, period, underscore, and tilde), between 43 and 128 characters long.

Message 3 of 4
3,381 Views
0
artemus
Microsoft Employee
Microsoft Employee
In response to Anonymous

‎01-20-2021 06:41 AM

Actually see if this works:

 

Base64UrlEncodeWithoutPadding = (hash as binary) as text =>
    let
        base64Encoded = Binary.ToText(hash, BinaryEncoding.Base64),
        base64UrlEncoded = Text.Replace(Text.Replace(base64Encoded, "+", "-"), "/", "_"),
        withoutPadding = Text.TrimEnd(base64UrlEncoded, "=")
    in 
        withoutPadding;

MyConnector.StartLogin = (resourceUrl, state, display) =>
    let
        baseUri = ..., //Generate uri from resourceUrl
        codeVerifier = Text.NewGuid() & Text.NewGuid(),
        codeChallenge = Base64UrlEncodeWithoutPadding(Crypto.CreateHash(CryptoAlgorithm.SHA256, Text.ToBinary(codeVerifier, TextEncoding.Ascii))),
        authorizeUrl = baseUri & "/oauth2/authorize?" & Uri.BuildQueryString([
            client_id = clientId,
            scope = tokenScope,
            state = state,
            code_challenge_method = "S256",
            code_challenge = codeChallenge,
            redirect_uri = redirectUri,
            response_type = "code"])
    in
        [
            LoginUri = authorizeUrl,
            CallbackUri = redirectUri,
            WindowHeight = 720,
            WindowWidth = 1024,
            Context = [BaseUri = baseUri, CodeVerifier = codeVerifier]
        ];
Message 4 of 4
3,379 Views

Helpful resources

Announcements
Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Kudoed Authors
View All