Missing code verifier

[alucardu]

I'm trying to log in through Google and retrieve a user from our own user service but I'm getting an error:

{error: "invalid_grant", error_description: "Missing code verifier."}

During the sign in process I can see a code_verifier value in my local storage:

nuxt config set up:

google: {
  endpoints: {
    authorization: 'https://accounts.google.com/o/oauth2/auth',
    token: 'https://****.&&**/api/v0/auth/social',
    userInfo: false
  },
  token: {
    property: 'jwt'
  },
  responseType: 'code',
  grantType: 'client_credentials',
  accessType: 'offline',
  redirectUri: socialLoginUrl + '/account/aanmelden',
  clientId: '*****ctkel4jmqjtrc.apps.googleusercontent.com',
  codeChallengeMethod: 'S256'
}

https://github.com/nuxt-community/auth-module/blob/dev/src/schemes/oauth2.ts line #395

code_verifier: codeVerifier

Do I have to configure the codeVerifier property in my Nuxt Config? Or is it possible that the api call in the back end needs to send the code verifier to google as well?

[lorenzdiener]

I'm experiencing a similar issue - did you already find a solution for your problem?

I use an OAuth2 scheme with pixie. Having local storage disabled and using only state and cookie storage seems to somehow break the authorization flow. The pkce_code_verifier is set before redirecting to the authorization endpoint, but it is deleted again before the user gets redirected back to my page. The token endpoint is then called without the required parameter code_verifier.

nuxt config set up:

  auth: {
    redirect: {
      callback: "/authenticated",
      home: false,
      logout: false
    },
    rewriteRedirects: false,
    fullPathRedirect: false,
    strategies: {
      customStrategy: {
        endpoints: {
          authorization: `https://example.com/connect/authorize`,
          token: `https://example.com/connect/token`,
          userInfo: `https://example.com/connect/userinfo`,
        },
        token: {
          property: "access_token",
          type: "Bearer",
        },
        refreshToken: {
          property: "refresh_token",
        },
        responseType: "code",
        grantType: "authorization_code",
        redirectUri: 'http://localhost:3000/authenticated',
        clientId: "MyClient",
        scope: [
          "openid",
          "offline_access",
        ],
        codeChallengeMethod: "S256"
      }
    },
    cookie: {
      options: {
        expires: 2
      }
    },
    localStorage: false
  }

Setting localStorage: true fixes the token request for me. However for me this is not the expected behavior, even after debugging the method calls for $storage.getUniversal() and $storage.setUniversal.

I'm currently using version 5.0.0-1624817847.21691f1.

[aozmekik]

I was getting the same error. The problem is interesting here.

The problem was, simply pkce_code_verifier wasn't there as soon as we are redirected from authentication server.

At first I was connecting to the frontend client from http://localhost:3000.

I had given the redirect URL http://127.0.0.1:3000. Hence, I was being redirected to this address by getting the authorization code. But here's the trick: http://localhost:3000 and http://127.0.0.1:3000 have different local storages. So when I came back it couldn't find the pkce_code_verifier .

The address you originally connected to your frontend with redirect uri should be the same so that you can access the same local storage when you return.