Issue getting token from Cognito token endpoint since upgrading to V2

[geraldyeo]

Hi,

I'm having issues with getting the access token from Cognito token endpoint since upgrading to V2.

This is the example code of a successful request on Cognito's doc:

POST https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/token&
                            Content-Type='application/x-www-form-urlencoded'&
                            Authorization=Basic ZGpjOTh1M2ppZWRtaTI4M2V1OTI4OmFiY2RlZjAxMjM0NTY3ODkw

                            grant_type=authorization_code&
                            client_id=1example23456789&
                            code=AUTHORIZATION_CODE&
                            redirect_uri=com.myclientapp://myclient/redirect

After troubleshooting, I discovered a couple of things:

• There's an open issue on @oslojs/oauth2 that the Authorization header is missing the Basic prefix
• remix-auth-oauth2's authenticatemethod sets either headers or body, but not both (not sure if I'm mistaken here). However Cognito's request seems to need both.

I'm not sure if it's a bug (by cognito or remix-auth-oauth2) to be fixed, or do I need to extend the strategy and override authenticate.

Any advice?

[geraldyeo]

I tried to trace the values out from the request

[geraldyeo]

Ok, I found out my issue: I implemented my own session storage with MongoDB, and I needed an extra field oauth2:codeVerifier in the schema. The auth flow worked using codeChallengeMethod: "S256" and authenticateWith: "request_body".