Bug: codeVerifier is not set in sessionStorage (sometimes)

bondarev123 commented 5 months ago

I have my web app running on domain 'xxx.com'. Earlier my login url was 'xxx.com:18080', therefore it had its own local and session storage.
Now my login url is 'xxx.com/auth'
The problem is that sometimes (seems randomly) the app may blink for a moment before redirect. In that case CodeVerifier is being set in sessionStorage and everything works fine.
But sometimes the blink does not happen and session storage is empty
Redirect URL has a code challenge, so codeVerifier has been indeed generated

As I say, it never happened when login page was on another port.

Do you have any suggestions?

Steps To Reproduce

Happens randomly (almost certainly in new incognito window)

The current behavior

PKCE_code_verifier is sometimes not being set in session storage

The expected behavior

PKCE_code_verifier is always being set in session storage

sebastianvitterso commented 5 months ago

I can't say that I see any reason why this would happen, and certainly not depending on the port number used. Is that the only thing you've changed since getting these bugs?

bondarev123 commented 5 months ago

Seems like a JS sessionStorage's problem. When changed from sessionStorage to localStorage problem dissapeared.

sebastianvitterso commented 5 months ago

Ok, well it's good that the issue was resolved, but I'm curious as to what was the actual problem. If you'd like to do more research into the issue, go ahead, otherwise feel free to close the issue.

github-actions[bot] commented 3 months ago

Stale issue message

soofstad / react-oauth2-pkce