Custom OAuth 2.0 Provider with PKCE not working? (Laravel Passport) #2778
-
Question 💬Hi, I am trying locally test OAuth 2.0 authentication through a local Laravel Passport server (OAuth 2.0) with PKCE. I am receiving the error "cookie code_verifier not found" when the authorization flow redirects back to nextauth app. Any ideas? Authorization Code grant with PKCE is supported by Laravel Passport. Here's my provider configuration: const options = {
providers: [
{
id: 'userh-account',
name: 'UseRH Account',
type: 'oauth',
version: '2.0',
scope: '',
params: { grant_type: 'authorization_code' },
accessTokenUrl: process.env.USERH_AUTHZ_SERVER_ORIGIN + '/oauth/token',
requestTokenUrl: process.env.USERH_AUTHZ_SERVER_ORIGIN + '/oauth/token',
authorizationUrl:
process.env.USERH_AUTHZ_SERVER_ORIGIN +
'/oauth/authorize?response_type=code',
profileUrl: process.env.USERH_AUTHZ_SERVER_ORIGIN + '/api/user',
async profile(profile, tokens) {
return {
...profile,
tokens
}
},
clientId: process.env.USERH_AUTHZ_CLIENT_ID,
protection: 'pkce',
},
],
session: {
jwt: true,
},
jwt: {},
pages: {},
callbacks: {},
events: {},
theme: 'light',
debug: true,
}How to reproduce ☕️
Contributing 🙌🏽No, I am afraid I cannot help regarding this |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 5 replies
-
|
The error originates from here: The next-auth/src/server/lib/oauth/pkce-handler.js Lines 84 to 87 in e8a58a0 Make sure that you have cookies enabled. Also, note that the After that, the user has to try to log in again. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your answer. I am still debugging this issue, however I know it's not the 15 minutes lifetime. Is the authz server responsible to send this cookie back to nextauth? |
Beta Was this translation helpful? Give feedback.
-
|
we set this cookie just before we redirect the user to the authorization endpoint, and we delete it after it has been used |
Beta Was this translation helpful? Give feedback.
-
|
So the authorization server must send the cookie back? Maybe the problem lies there |
Beta Was this translation helpful? Give feedback.
-
|
See: |
Beta Was this translation helpful? Give feedback.
-
|
Nevermind. This is an issue with Inertia.js on the Authorization Server (Larevel Passport + Laravel Fortify + Inertia). For anyone with the same issue, there are problems with Inertia redirecting to external URIs. Thank you for your answers! |
Beta Was this translation helpful? Give feedback.
The error originates from here:
next-auth/src/server/lib/oauth/pkce-handler.js
Line 25 in e8a58a0
The
code_verifieris saved in a secure cookie temporarily:next-auth/src/server/lib/oauth/pkce-handler.js
Lines 84 to 87 in e8a58a0
Make sure that you have cookies enabled. Also, note that the
code_verifiercookie has a lifetime of 15 minutes:next-auth/src/server/lib/oauth/pkce-handler.js
Line 9 in e8a58a0