Comments (3)
2023-06-01 21:23:43 [01.06.2023 21:23.43.183] [ERROR] Whoops! There was an uncaught exception...
2023-06-01 21:23:43 [01.06.2023 21:23.43.185] [ERROR] OPError: invalid_request (code_verifier is required)
2023-06-01 21:23:43 at processResponse (/opt/magic_mirror/modules/***/node_modules/openid-client/lib/helpers/process_response.js:38:13)
2023-06-01 21:23:43 at Client.grant (/opt/magic_mirror/modules/***/node_modules/openid-client/lib/client.js:1327:22)
2023-06-01 21:23:43 at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-06-01 21:23:43 at async DeviceFlowHandle.poll (/opt/magic_mirror/modules/***/node_modules/openid-client/lib/device_flow_handle.js:63:18)
2023-06-01 21:23:43 at async Class.issueCodeChallenge (/opt/magic_mirror/modules/***/node_helper.js:61:19) {
2023-06-01 21:23:43 error: 'invalid_request',
2023-06-01 21:23:43 error_description: 'code_verifier is required'
from node-openid-client.
- PKCE is not an extension registered for use with the Device Authorization Grant, it's use or enforcement in such flow is questionable, surprising to say the least.
- If you absolutely must send code_verifier with the Access Token Request to whichever Authorization Server deems it necessary to, use the existing
client.deviceAuthorization()
API,extras.exchangeBody
to be specific.
from node-openid-client.
Thank you for your input. - Sorry for raising a Bug - I didn't see passing my stuff with extras.exchangeBody
. This works for me - AS seems to enforce PKCE for Device Flow. I cannot follow your claim PKCE for this flow is questionable?
from node-openid-client.
Related Issues (20)
- Passport strategy broken with iss in authentication request HOT 3
- JWT signature error validations aren't passed through
- Need option for verify AZP when AUD is an array
- Device flow with GitHub does not continue to poll HOT 3
- Auth server and Postman non-conforming? HTTP Basic Auth x-www-form-urlencoded HOT 2
- Client.userinfo does not accept other header than Authorization HOT 3
- Always return an error saying please use an absolute URL HOT 1
- Low-level errors during `Issuer.discover()` cause error without stack trace
- Type checking httpOptions and rejectUnauthorized
- RPError thrown when IdToken JWE Header enc is blank HOT 2
- client won't run under `edge` runtime HOT 1
- Support setting client_secret to an empty string when using client_secret_basic or client_secret_post HOT 1
- Cannot assign to read only property 'dpopProof' of object '#<Client>' HOT 2
- Unsuccessful Callback to Unknow client side error HOT 10
- isKeyObject check fails in Bun HOT 5
- Scope delimiter replace problem HOT 2
- Multiple authenticate requests from the same session causes state mismatch HOT 1
- Can't authenticate when the server advertises authorization_response_iss_parameter_supported HOT 2
- Requests made without Accept-Encoding header HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-openid-client.