Closed luschmar closed 1 year ago
2023-06-01 21:23:43 [01.06.2023 21:23.43.183] [ERROR] Whoops! There was an uncaught exception...
2023-06-01 21:23:43 [01.06.2023 21:23.43.185] [ERROR] OPError: invalid_request (code_verifier is required)
2023-06-01 21:23:43 at processResponse (/opt/magic_mirror/modules/***/node_modules/openid-client/lib/helpers/process_response.js:38:13)
2023-06-01 21:23:43 at Client.grant (/opt/magic_mirror/modules/***/node_modules/openid-client/lib/client.js:1327:22)
2023-06-01 21:23:43 at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-06-01 21:23:43 at async DeviceFlowHandle.poll (/opt/magic_mirror/modules/***/node_modules/openid-client/lib/device_flow_handle.js:63:18)
2023-06-01 21:23:43 at async Class.issueCodeChallenge (/opt/magic_mirror/modules/***/node_helper.js:61:19) {
2023-06-01 21:23:43 error: 'invalid_request',
2023-06-01 21:23:43 error_description: 'code_verifier is required'
1) PKCE is not an extension registered for use with the Device Authorization Grant, it's use or enforcement in such flow is questionable, surprising to say the least.
2) If you absolutely must send code_verifier with the Access Token Request to whichever Authorization Server deems it necessary to, use the existing client.deviceAuthorization()
API, extras.exchangeBody
to be specific.
Thank you for your input. - Sorry for raising a Bug - I didn't see passing my stuff with extras.exchangeBody
. This works for me - AS seems to enforce PKCE for Device Flow. I cannot follow your claim PKCE for this flow is questionable?
Describe the bug The poll method won't send code_verifier in /token request. Some OAuth Server enforce PKCE on /token requests on Device Flow.
To Reproduce Issuer and Client configuration: (inline or gist) - Don't forget to redact your secrets.
Steps to reproduce the behaviour:
Expected behaviour
Environment:
Additional context Add any other context about the problem here.