Docker is crashing when redirection doesn't have pkceCodes

[v-jauneau]

Hello,

We are using you application with our meraki.

We have an issue that appear on some devices with a bad gateway. After some research we found out that the docker is crashing when pkceCodes.verifier is undefined

/opt/src/auth/authProvider.js:107
                codeVerifier: req.session.pkceCodes.verifier,
                                                    ^

TypeError: Cannot read properties of undefined (reading 'verifier')
    at /opt/src/auth/authProvider.js:107:53
    at Layer.handle [as handle_request] (/opt/node_modules/express/lib/router/layer.js:95:5)
    at next (/opt/node_modules/express/lib/router/route.js:149:13)
    at Route.dispatch (/opt/node_modules/express/lib/router/route.js:119:3)
    at Layer.handle [as handle_request] (/opt/node_modules/express/lib/router/layer.js:95:5)
    at /opt/node_modules/express/lib/router/index.js:284:15
    at Function.process_params (/opt/node_modules/express/lib/router/index.js:346:12)
    at next (/opt/node_modules/express/lib/router/index.js:280:10)
    at Function.handle (/opt/node_modules/express/lib/router/index.js:175:3)
    at router (/opt/node_modules/express/lib/router/index.js:47:12)

Do you have any idea if we can resolve this issue on our hand ?

Regards

[nechry]

hello, if the session object does not contain the generated PKCE codes, the flow cannot continue. The purpose of PKCE (Proof Key for Code Exchange) is to prevent a malicious party from intercepting the authorization code and using it to request an access token. Even if I add the test to see if the pkceCodes is udefined and return an error the result will be the same.

[v-jauneau]

Hello, yes i modified the code to accept an undefined PKCE code but the flow don't continue, do you have any idea why azure is returning a pkce codeverifier undefined ? It doesn't happen every time and mostly on mobiles