Open cvharris opened 1 year ago
Thanks for submitting this issue with detailed information and steps to reproduce.
Internal ref: OKTA-602355
For now please use authClient.token.exchangeCodeForTokens
as a workaround
Awesome! I will also add that I had to configure withCredentials: false
as well for some reason, otherwise I ran into a CORS issue. Not sure if that's expected or not on the /token
endpoint
Glad the workaround helps! We will fix the issue shortly.
Had the same issue, this works ok but there's no meta property anymore
So instead of
const { meta: { codeVerifier }} = authClient.transactionManager.load()
used
const { codeVerifier } = authClient.transactionManager.load()
Describe the bug?
When using the IDX/OIDC module to authenticate a user with
responseType: 'interaction_code'
, say in an SPA/PKCE setup, theIDXResponse
after successfully answering all challenges will return aninteractionCode
and include theissue()
action for the/token
endpoint. Calling theactions.issue({codeVerifier})
method fails with a 400 Bad Request, because the/token
endpoint expectsContent-Type: 'x-www-form-urlencoded'
but this sends JSON.Instead, calling
authClient.token.exchangeCodeForTokens({interactionCode, codeVerifier })
works as expected because it passes the right Content-Type.I'm guessing that the IDX module does not use the headings described by the
successWithInteractionCode
response, which clearly indicates how to talk to/token
:What is expected to happen?
What is the actual behavior?
Reproduction Steps?
In a sandbox/developer Okta tenant, setup an application that requires PKCE and is used in an SPA, then allow
Interaction Code
enabled for the Grant Type. It shouldn't matter what authentication policies are used.In any of the SPA sample apps, configure the
authClient
as normal:then authenticate using IDX. I don't use
authClient.idx.authenticate
since our app incorporates a number of flows, instead doing this:and then chaining proceed depending on the next steps:
SDK Versions
@okta/okta-auth-js: 7.0.1
Execution Environment
Modern browsers, Chrome
Additional Information?
No response