Bug: Code Challenge for PKCE

Capacitor version:

2.4.6

Library version:

2.1.1

OAuth Provider:

Google

Your Plugin Configuration

     {
        authorizationBaseUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
        accessTokenEndpoint: '',
        scope: this.scope,
        pkceEnabled: true,
        additionalParameters: {
          code_challenge: codeChallenge,
          code_challenge_method: codeChallengeMethod,
          access_type: 'offline'
        },
        resourceUrl: 'https://www.googleapis.com/userinfo/v2/me',
        web: {
          appId: appId,
          responseType: "token",
          accessTokenEndpoint: "",
          redirectUrl: window.location.origin,
          windowOptions: "width=485,height=600,left=0,top=0"
        },
        android: {
          appId: appId,
          responseType: 'code',
          redirectUrl: bundleIdentifier:/
        },
        ios: {
          appId: appId,
          responseType: 'code',
          redirectUrl: process.env.bundleIdentifier:/
        }
      }

Affected Platform(s):

Android

Current Behavior

The above configuration works and it is sending me a code for my backend to authenticate the user.

What I am trying to do is to implement the "code_challenge" outlined in this Google Documentation for better security. So I set in the code_challenge parameters inside additionalParameters.

But when I tried to verify the code in the backend, the google authentication server sents be this {"error": "invalid_grant", "error_description": "code_verifier or verifier is not needed."} which I have no idea whether it is a bug on Google's side or due to me not setting the parameters correctly.

When I inspect the response after running OAuth2Client.authenticate(), the additionalParameters under request key is {}. and also the code_challenge parameter is not found in any part of the response. So I am wondering if the code_challenge is sent to Google, or have I put in the code_challenge parameter in the wrong place?

capacitor-community / generic-oauth2