openid / AppAuth-JS

JavaScript client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
Apache License 2.0

How do I properly save the "code_verifier" string to a cookie? #196

Closed bobber205 closed 2 years ago

bobber205 commented 2 years ago

Not sure what a proper workflow is here.

I have two routes

/login/openid

/login/openid/callback

Before I call performAuthorizationRequest the request object doesn't have anything set for internal.code_verifier.

If I do this

let json = await authRequest.toJSON() it calls this https://github.com/openid/AppAuth-JS/blob/cf6bb68dfe630c5d5f415bdcc76ea2581f041d8f/src/authorization_request.ts#L79 and sets the internal.code_verifier value.

Makes sense right?

But internal.code_verifier is reset with each request and there is no way to set it before a request. How should I properly access this value so I can save it to say a local http only cookie or in the session object so that when my /callback route is called I pass as part of the arguments to performTokenRequest?

FWIW you can call toJSON() and it sets a different value to internal.code_verifier each time. Is that on purpose?

tikurahul commented 2 years ago

You can build your own AuthorizationRequestHandler that saves the code_verifier to storage. Use the existing one as reference.
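
The flow the reply describes, sketched in plain Node.js as an added example (not code from this thread or from AppAuth-JS): the verifier is generated once at /login/openid, stored server-side under the `state` value, and read back exactly once at /login/openid/callback. The `Map` session store, the function names, and the `idp.example` / `app.example` URLs are assumptions for illustration.

```javascript
// Added example: plain Node.js, no AppAuth-JS imports. The Map stands in for a
// server-side session store (assumption); all names here are hypothetical.
const crypto = require('crypto');

const b64url = (buf) => buf.toString('base64url');

// RFC 7636 S256: challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function challengeFor(verifier) {
  return b64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// /login/openid: create the verifier once, store it under `state`, and put only
// the derived challenge in the authorization URL.
function beginLogin(session, authorizationEndpoint, clientId, redirectUri) {
  const state = b64url(crypto.randomBytes(16));
  const codeVerifier = b64url(crypto.randomBytes(32)); // 43 chars, within 43..128
  session.set(state, { codeVerifier, createdAt: Date.now() });
  const url = new URL(authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri,
    state, code_challenge: challengeFor(codeVerifier), code_challenge_method: 'S256',
  }).toString();
  return { state, url: url.toString() };
}

// /login/openid/callback: look the verifier up by the returned state, delete it
// (single use), and hand it to the token request as `code_verifier`.
function finishLogin(session, query, maxAgeMs = 10 * 60 * 1000) {
  const entry = session.get(query.state);
  session.delete(query.state);
  if (!entry) throw new Error('unknown or replayed state');
  if (Date.now() - entry.createdAt > maxAgeMs) throw new Error('login attempt expired');
  return { grant_type: 'authorization_code', code: query.code, code_verifier: entry.codeVerifier };
}

// Constructed walk-through with a placeholder provider and client.
function demo() {
  const session = new Map();
  const { state, url } = beginLogin(session, 'https://idp.example/authorize',
    'example-client', 'https://app.example/login/openid/callback');
  const tokenParams = finishLogin(session, { state, code: 'constructed-code' });
  const sentChallenge = new URL(url).searchParams.get('code_challenge');
  return { tokenParams, sentChallenge, leftover: session.size };
}
```

If the verifier is kept in a cookie instead of a server-side session, it needs the HttpOnly, Secure and SameSite attributes and the same single-use handling on the callback.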