sergiodxa / remix-auth-oauth2

A OAuth2Strategy for Remix Auth
https://sergiodxa.github.io/remix-auth-oauth2/
MIT License
150 stars 56 forks

Missing `client_id` #94

scefali closed 3 months ago

scefali commented 3 months ago

I am trying to set up remix-auth-oauth2 with Google and Microsoft. In both cases, I see that I am getting an error like:

```
The request body must contain the following parameter: 'client_id'
```

I would think that I could use the simple out-of-the-box OAuth2Strategy for each but that fails:

```ts
new OAuth2Strategy(
  {
    authorizationEndpoint:
      'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
    tokenEndpoint: `https://login.microsoftonline.com/common/oauth2/v2.0/token`,
    clientId: microsoftClientId,
    clientSecret: microsoftClientSecret,
    redirectURI: `${baseUrl}/auth/microsoft/callback`,
    scopes: ['openid', 'profile', 'email'],
  },
  // (verify callback not shown in the original post)
)
```

I have pretty much an analogous setup with Google, and I see the same error when I put debugging in the underlying @oslojs/oauth2 library (note that there is a problem there where `error` gets propagated but `error_description` doesn't; the latter has the actual failing info). Am I doing something wrong or is this a bug?

cherewaty commented 3 months ago

I discovered that I had to explicitly set the authenticateWith option to request_body. It's documented as optional, but this part of the logic wasn't firing without it: https://github.com/sergiodxa/remix-auth-oauth2/blob/6df15b7b0190e0df690a5ba88fd5f9265e91311d/src/index.ts#L402

cherewaty commented 3 months ago

Follow up: After fixing the missing client_id, I ran into an invalid_grant issue. I solved that by explicitly setting codeChallengeMethod to S256.

Should authenticateWith and codeChallengeMethod be optional? Are they just missing intended defaults in v2.0.0?

sergiodxa commented 3 months ago

A default codeChallengeMethod and authenticateWith is now set starting v2.1.0.
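
The `client_id` error and the `authenticateWith` fix discussed in this thread come down to where the client credentials travel in the token request. The following is an added example, not code from the thread, remix-auth-oauth2 or @oslojs/oauth2: it builds the request for each client authentication style and classifies a captured request. The helper names, the `http_basic_auth` label used for HTTP Basic, and all sample values are assumptions.

```javascript
// Added example; all client values are constructed placeholders.
// Encode/decode one value as application/x-www-form-urlencoded (RFC 6749 2.3.1).
const formEncode = (v) => new URLSearchParams({ v }).toString().slice(2);
const formDecode = (s) => new URLSearchParams("v=" + s).get("v");

// Build an authorization-code token request for one client authentication mode.
function buildTokenRequest(opts, code, codeVerifier) {
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: opts.redirectURI,
    code_verifier: codeVerifier, // PKCE verifier that pairs with the S256 challenge
  });
  if (opts.authenticateWith === "request_body") {
    body.set("client_id", opts.clientId);
    body.set("client_secret", opts.clientSecret);
  } else if (opts.authenticateWith === "http_basic_auth") {
    const pair = formEncode(opts.clientId) + ":" + formEncode(opts.clientSecret);
    headers.Authorization = "Basic " + Buffer.from(pair).toString("base64");
  }
  // In this sketch any other mode, including undefined, sends no credentials.
  return { headers, body: body.toString() };
}

// Report where a captured token request carries client_id, never the secret.
function describeClientAuth({ headers, body }) {
  const inBody = new URLSearchParams(body).get("client_id");
  if (inBody) return { method: "request_body", clientId: inBody };
  const m = /^Basic (.+)$/.exec(headers.Authorization || "");
  if (m) {
    const pair = Buffer.from(m[1], "base64").toString();
    return { method: "http_basic_auth", clientId: formDecode(pair.split(":")[0]) };
  }
  return { method: "none", clientId: null };
}

const base = {
  clientId: "example-client-id",
  clientSecret: "example:secret value",
  redirectURI: "https://app.example/auth/microsoft/callback",
};
for (const authenticateWith of ["request_body", "http_basic_auth", undefined]) {
  const req = buildTokenRequest({ ...base, authenticateWith }, "constructed-code", "constructed-verifier");
  console.log(authenticateWith, describeClientAuth(req));
}
```

A result of `none` means the request body has no `client_id`, which is what the error message quoted in the issue complains about.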