Wrong dynamic client ID used for code-to-token exchange

Impacted package

Which packages do you think might be impacted by the bug ?

[x] solid-client-authn-browser
[ ] solid-client-authn-node
[x] solid-client-authn-core
[x] oidc-client-ext
[x] (could be PodBrowser?)

Bug description

I am trying to make local PodBrowser work with Keycloak, which is an OIDC compliant AS (but not Solid compliant yet). The library falls back to DCR which is correct; I noticed that two clients are registered with Keycloak, one for the root URL (https://localhost:3001/), another one for the login screen URL (https://localhost:3001/login/). First, the former one is used in a call to Keycloak's authorization endpoint. Next, the latter one is used to call Token endpoint to perform code-to-token exchange. This is not supported by Keycloak (and I doubt it is by any other software), which results in a 400 Bad Request with error=invalid_grant and error_description="Auth error".

This occurs with fairly high probability; however, in some rare cases the correct client ID is used in both calls, and login succeeds.

@justinwb @jamiefiedler

HAR logs for the two respective cases: bug.zip Stack trace: bug.txt

https://user-images.githubusercontent.com/13701445/142276448-4cfb543f-17c6-433d-b967-aec78848f872.mp4

This issue is Firefox-specific and is not observed in Chrome. I've also accidentally discovered that setting a breakpoint in Firefox debugger on ClientRegistrar#getClient() somehow prevents the second DCR call, thus resulting in a successful login.

To Reproduce

Get Keycloak development branch with DPoP support (see below)
Open PodBrowser and point it to your realm, like e.g. http://localhost:8080/auth/realms/solid

Expected result

Successful login and display of pod contents

Actual result

Error popup saying there was an error while getting tokens

Environment

  System:
    OS: Linux 5.10 Mageia 8
    CPU: (16) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
    Memory: 1.80 GB / 15.48 GB
    Container: Yes
    Shell: 5.1.4 - /bin/bash
  Binaries:
    Node: 14.17.6 - /usr/bin/node
    npm: 6.14.15 - /usr/bin/npm
  Browsers:
    Chrome: 95.0.4638.69
    Firefox: 91.3.0esr
  npmPackages:
    @babel/core: ^7.12.16 => 7.12.16 
    @babel/plugin-proposal-class-properties: ^7.12.13 => 7.12.13 
    @babel/preset-react: ^7.12.13 => 7.12.13 
    @datapunt/matomo-tracker-react: ^0.3.1 => 0.3.1 
    @date-io/date-fns: ^1.3.13 => 1.3.13 
    @inrupt/eslint-config-base: ^0.0.4 => 0.0.4 
    @inrupt/eslint-config-react: ^0.0.4 => 0.0.4 
    @inrupt/prism-react-components: ^0.13.7 => 0.13.7 
    @inrupt/solid-client: ^1.15.0 => 1.15.0 
    @inrupt/solid-client-access-grants: ^0.3.3-fix2258-verification-endpoint-discovery-1412767200-263-1635864188.0 => 0.3.3-fix2258-verification-endpoint-discovery-1412767200-263-1635864188.0 
    @inrupt/solid-client-authn-browser: ^1.8.2 => 1.8.2 
    @inrupt/solid-ui-react: ^2.3.1 => 2.3.1 
    @material-ui/core: ^4.11.3 => 4.11.3 
    @material-ui/icons: ^4.11.2 => 4.11.2 
    @material-ui/lab: ^4.0.0-alpha.57 => 4.0.0-alpha.57 
    @material-ui/pickers: ^3.3.10 => 3.3.10 
    @sentry/node: ^6.1.0 => 6.1.0 
    @sentry/react: ^6.1.0 => 6.1.0 
    @sentry/webpack-plugin: ^1.14.0 => 1.14.0 
    @solid/lit-prism-patterns: ^0.13.7 => 0.13.7 
    @solid/lit-prism-theme-sdk-default: ^0.13.7 => 0.13.7 
    @testing-library/dom: ^7.29.4 => 7.29.4 
    @testing-library/jest-dom: ^5.11.9 => 5.11.9 
    @testing-library/react: ^11.2.5 => 11.2.5 
    @testing-library/react-hooks: ^5.1.2 => 5.1.2 
    @testing-library/user-event: ^12.7.1 => 12.7.1 
    @types/jest: ^26.0.20 => 26.0.20 
    @types/react: ^17.0.2 => 17.0.2 
    @types/react-table: ^7.0.28 => 7.0.28 
    @typescript-eslint/eslint-plugin: ^3.10.1 => 3.10.1 
    @typescript-eslint/parser: ^3.10.1 => 3.10.1 
    babel-eslint: ^10.1.0 => 10.1.0 
    babel-jest: ^26.6.3 => 26.6.3 
    date-fns: ^2.23.0 => 2.23.0 
    encoding: ^0.1.13 => 0.1.13 
    eslint: ^7.20.0 => 7.20.0 
    eslint-config-airbnb: ^18.2.0 => 18.2.0 
    eslint-config-airbnb-base: ^14.2.0 => 14.2.0 
    eslint-config-next: ^11.0.1 => 11.0.1 
    eslint-config-prettier: ^6.15.0 => 6.15.0 
    eslint-plugin-babel: ^5.3.1 => 5.3.1 
    eslint-plugin-import: ^2.22.1 => 2.22.1 
    eslint-plugin-jest: ^23.17.1 => 23.20.0 
    eslint-plugin-jsx-a11y: ^6.4.1 => 6.4.1 
    eslint-plugin-license-header: ^0.2.0 => 0.2.0 
    eslint-plugin-prettier: ^3.1.4 => 3.1.4 
    eslint-plugin-react: ^7.21.5 => 7.21.5 
    eslint-plugin-react-hooks: ^4.2.0 => 4.2.0 
    http-link-header: ^1.0.3 => 1.0.3 
    husky: ^4.3.7 => 4.3.7 
    jest: ^26.6.3 => 26.6.3 
    jest-localstorage-mock: ^2.4.3 => 2.4.3 
    jest-mock-extended: ^1.0.10 => 1.0.10 
    jest-raw-loader: ^1.0.1 => 1.0.1 
    jsdom: ^16.4.0 => 16.4.0 
    jsdom-global: 3.0.2 => 3.0.2 
    jss: ^10.5.1 => 10.5.1 
    jss-preset-default: ^10.5.1 => 10.5.1 
    license-checker: ^25.0.1 => 25.0.1 
    next: ^11.0.1 => 11.0.1 
    next-runtime-dotenv: ^1.4.0 => 1.4.0 
    nock: ^13.1.1 => 13.1.1 
    node-mocks-http: ^1.10.1 => 1.10.1 
    prettier: ^2.2.1 => 2.2.1 
    prop-types: ^15.7.2 => 15.7.2 
    raw-loader: ^4.0.2 => 4.0.2 
    rdf-namespaces: ^1.9.2 => 1.9.2 
    react: ^17.0.2 => 17.0.2 
    react-dom: ^17.0.2 => 17.0.2 
    react-id-generator: ^3.0.1 => 3.0.1 
    react-jss: ^10.4.0 => 10.4.0 
    react-table: ^7.6.3 => 7.6.3 
    react-test-renderer: ^17.0.1 => 17.0.1 
    react-transition-group: ^4.4.1 => 4.4.1 
    swr: ^0.4.2 => 0.4.2 
    typescript: ^4.4.3 => 4.4.3 
    uuid: ^8.3.1 => 8.3.1 
    vercel: ^21.2.3 => 21.2.3 
    whatwg-fetch: ^3.5.0 => 3.5.0 
  npmGlobalPackages:
    npm: 6.14.15

Additional information

Testing was performed against the development branch of Keycloak containing Solid-OIDC related improvements. The branch hasn't been published yet; please let me know if you'd like me to provide you with an image or a live instance.

inrupt / solid-client-authn-js