nbarbettini / oidc-debugger

OAuth 2.0 and OpenID Connect debugging tool
https://oidcdebugger.com
MIT License
223 stars, 29 forks

PKCE token request errors not handled and request is not shown. #85

Open mricherzhagen opened 10 months ago

mricherzhagen commented 10 months ago

There is no error handling for the PKCE token request, and the request that is attempted is also not shown in the UI.

The PKCE token request can fail, for example, if there is no CORS-setting on the server for oauthdebugger.com.

The request should be shown, and the errors should be caught and displayed.

Nevertheless, very useful tool. A little bit surprised it requires a server component, though.

nbarbettini commented 10 months ago

> There is no error handling for the PKCE token request, and the request that is attempted is also not shown in the UI.
>
> The PKCE token request can fail, for example, if there is no CORS-setting on the server for oauthdebugger.com.
>
> The request should be shown, and the errors should be caught and displayed.

This is a good suggestion, thanks!

> A little bit surprised it requires a server component, though.

I tried to eliminate this, but a server is required for handling POST-based redirect flows.
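
The behaviour requested in this issue, sketched as an added example that is not part of the thread and not the project's own code: a PKCE token exchange that returns the attempted request alongside any failure, so a UI can display both. The function names, the `fetchImpl` parameter and all sample values are hypothetical.

```javascript
// Added example; function names and sample values are hypothetical.
function buildTokenRequest({ tokenEndpoint, clientId, redirectUri, code, codeVerifier }) {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    client_id: clientId,
    redirect_uri: redirectUri,
    code,
    code_verifier: codeVerifier,
  });
  return {
    url: tokenEndpoint,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Always resolves; the result carries the attempted request so a UI can show it.
async function exchangeCode(params, fetchImpl = fetch) {
  const request = buildTokenRequest(params);
  const { url, ...init } = request;
  let response;
  try {
    response = await fetchImpl(url, init);
  } catch (err) {
    // A cross-origin request blocked by missing CORS headers surfaces in the
    // browser as a generic TypeError; script cannot tell it from a network failure.
    return { ok: false, kind: "network_or_cors", request, detail: String(err && err.message) };
  }
  const text = await response.text();
  let json = null;
  try { json = JSON.parse(text); } catch { /* body was not JSON */ }
  if (json && json.error) {
    // RFC 6749 section 5.2 error response: "error" plus optional "error_description".
    return { ok: false, kind: "oauth_error", request, status: response.status,
             error: json.error, description: json.error_description ?? null };
  }
  if (!response.ok || json === null) {
    return { ok: false, kind: "unexpected_response", request, status: response.status, raw: text };
  }
  return { ok: true, request, status: response.status, tokens: json };
}
```

The returned `request` contains the authorization code and `code_verifier`, so it belongs in the debugging UI only, not in persistent logs.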