nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License

PKCE code_verifier cookie was missing Google Provider #8562

Closed rmand97 closed 10 months ago

rmand97 commented 10 months ago

Environment

System:
    OS: Linux 5.15 Ubuntu 22.04.2 LTS 22.04.2 LTS (Jammy Jellyfish)
    CPU: (12) x64 AMD Ryzen 5 5600 6-Core Processor
    Memory: 11.84 GB / 15.59 GB
    Container: Yes
    Shell: 3.6.0 - /usr/bin/fish
Binaries:
    Node: 19.6.1 - ~/.asdf/installs/nodejs/19.6.1/bin/node
    Yarn: 1.22.19 - ~/.asdf/shims/yarn
    npm: 9.4.0 - ~/.asdf/plugins/nodejs/shims/npm

Reproduction URL

https://github.com/rmand97/test-app

Describe the issue

When I sign in with Google as a provider with AuthJS on SvelteKit, I get the following error:

[auth][error][InvalidCheck]: Read more at https://errors.authjs.dev#invalidcheck
[auth][cause]: Error: PKCE code_verifier cookie was missing.
    at <anonymous> (/home/rma/code/test-app/node_modules/@auth/sveltekit/node_modules/@auth/core/lib/oauth/checks.js:42:14)
    at asyncFunctionResume (native)
    at use (/home/rma/code/test-app/node_modules/@auth/sveltekit/node_modules/@auth/core/lib/oauth/checks.js:36:16)
    at <anonymous> (/home/rma/code/test-app/node_modules/@auth/sveltekit/node_modules/@auth/core/lib/oauth/callback.js:52:32)
    at asyncFunctionResume (native)
    at promiseReactionJobWithoutPromiseUnwrapAsyncContext (native)
    at promiseReactionJob (native)
    at processTicksAndRejections (native)
[auth][details]: {
  "provider": "google"
}

My hooks.server.ts looks like this:

import { SvelteKitAuth } from '@auth/sveltekit';
import GoogleProvider from '@auth/core/providers/google';
import { PrismaAdapter } from '@next-auth/prisma-adapter';
import { GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET } from '$env/static/private';
import { PrismaClient } from '@prisma/client';

const prisma = new PrismaClient();

export const handle = SvelteKitAuth({
    adapter: PrismaAdapter(prisma),
    // the session override fixes a weird bug in the adapter
    // src: https://github.com/nextauthjs/next-auth/issues/6076#issuecomment-1354087465
    session: {
        strategy: 'database',
        generateSessionToken: () => {
            return crypto.randomUUID();
        }
    },
    providers: [GoogleProvider({ clientId: GOOGLE_CLIENT_ID, clientSecret: GOOGLE_CLIENT_SECRET })]

});

Should note I use Bun 1.0.0

How to reproduce

Try to log in with Google as a provider

Expected behavior

Logging in

balazsorban44 commented 10 months ago

Can you verify if it's working with Node.js? If so, it's a Bun bug and should be reported at their repository instead.

rmand97 commented 10 months ago

@balazsorban44 Yes of course! Will look into it tomorrow!

brenobaroni commented 10 months ago

I have a problem that looks like this: refresh token happens 2 times, then I lost the refresh_token; the old refresh token is called.

Claers commented 10 months ago

Hello, just tested: when running with bun --bun the error shows, but not when using bun run cmd (so running with vite under)! So yes, Bun related!

brenobaroni commented 10 months ago

I will try this, thanks.

jshikanova commented 10 months ago

> Hello, just tested: when running with bun --bun the error shows, but not when using bun run cmd (so running with vite under)! So yes, Bun related!

I was having the same issue, skipping the --bun flag helped. Thank you!

jshikanova commented 10 months ago

It looks like they fixed this issue in Bun v1.0.2; at least it now works as expected for me.