auth-js

Invalid parameter value for code_challenge_method: 's256' with PKCE & Google

Open imownbey opened this issue 1 year ago • 13 comments

Bug report

  • [x] I confirm this is a bug with Supabase, not with my own application.
  • [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

Trying to use the new PKCE auth flow with Google sign-in based on the blog post: https://supabase.com/blog/supabase-auth-sso-pkce#server-side-and-mobile-auth, I get the following error when showing the Google login screen:

Invalid parameter value for code_challenge_method: 's256' is not a valid CodeChallengeMethod [Learn more about this error](https://developers.google.com/identity/protocols/oauth2)

Error 400: invalid_request

imownbey avatar Apr 24 '23 20:04 imownbey

Running into this issue as well. Works without PKCE enabled.

nick-barth avatar Apr 30 '23 09:04 nick-barth

Hi @imownbey, @nick-barth, apologies for the late reply. Are you guys still experiencing this issue? It would really help if you can include the steps taken to reproduce this or a link to a gist.

kangmingtay avatar Aug 24 '23 23:08 kangmingtay

Also running into this. I downgraded my version of @supabase/auth-helpers-nextjs and that fixed it.

colestriler avatar Sep 05 '23 15:09 colestriler

@colestriler can you elaborate on the steps taken to reproduce this please? Are you using the signInWithOAuth method? It would be great if you can reach out to us on support (https://supabase.com/dashboard/support/new) so that we can investigate further.

kangmingtay avatar Sep 05 '23 18:09 kangmingtay

@kangmingtay turns out downgrading did not totally fix the issue.

You can replicate the issue by cloning this repo https://github.com/silentworks/safari-vercel-test and trying to authenticate with Google on localhost (i.e. NEXT_PUBLIC_SUPABASE_URL=http://localhost:54321).

I posted in Discord earlier today and @silentworks said it's likely my Google console setup (https://discord.com/channels/839993398554656828/1148690630348906577/1148690630348906577).

I ended up deploying the app with the same Google console keys to test if it was only an issue on localhost, and it works fine on prod.

Note: if I run my app locally and point NEXT_PUBLIC_SUPABASE_URL at my prod database, it also works fine.

colestriler avatar Sep 05 '23 21:09 colestriler

Hey @colestriler, can you please reach out to us through support (https://supabase.com/dashboard/support/new) - it will be easier to investigate if we have your project ref / ask for more sensitive information pertaining to your setup.

kangmingtay avatar Sep 12 '23 04:09 kangmingtay

Having the same issue here as well with local supabase DB.

I haven't investigated deeply but if the library really meant to pass code_challenge_method as s256, I think it can be case sensitive, i.e., should be S256. Indeed, if I change the value to upper case, it works for me.

kn avatar Sep 27 '23 03:09 kn

Same problem here, and it works if I change "s256" to "S256" in the query string.

patrikengborg avatar Oct 02 '23 06:10 patrikengborg

I don't understand where to make this change and how?

OlegGulevskyy avatar Nov 04 '23 16:11 OlegGulevskyy

https://github.com/search?q=repo%3Asupabase%2Fgotrue-js+s256&type=code

sroussey avatar Nov 16 '23 02:11 sroussey

Test case https://github.com/sroussey/test-supabase

sroussey avatar Nov 16 '23 16:11 sroussey

Hey team,

Thanks for reporting the issue and for supplying a test repository - I'm not able to replicate this issue though - this is what it looks like on my end.

The code_challenge_method param is intended for Supabase Auth and not for Google. There was a known issue in April where the code_challenge_method param was not sanitized, which led to the error. It was patched in late April/early May and we haven't observed repeat instances since then.

Could I trouble you to try clearing both package-lock.json and node_modules and reinstalling after?

Alternatively, if there's a staging environment or another test repository where we can replicate this we can take a look further.

Let us know

Thanks!

J0 avatar Dec 20 '23 07:12 J0

I never use npx supabase start/stop so it never updates (I start and stop docker instead). I imagine many people do this.

While the bug was fixed long ago, it was not fixed in my local dev since my local supabase never updated.

sroussey avatar Dec 22 '23 22:12 sroussey

Hey team,

Going to close the issue as it should be fixed last year as well as in the latest update. Feel free to re-open if it persists for you though

J0 avatar Jun 17 '24 09:06 J0