I have been trying to implement a very simple authorization flow with PKCE using Expo. However, whenever I send an authorization code grant request, I keep getting a “failed to verify code verifier” issue. To debug, I have been using a hardcoded code verifier and code challenges, so I don’t believe the actual codes are an issue(I have tried many codes generated by different websites).
For reference, I use the useAuthRequest for the initial authentication
const [request, result, promptAsync] = AuthSession.useAuthRequest(
{
redirectUri,
clientId: auth0ClientId,
codeChallenge: '4OR_LblKq84iLlVqQg3wLOxV2bx01CN--4XqcIrgxZc',
codeChallengeMethod: AuthSession.CodeChallengeMethod.S256, //have also tried 'S256'
responseType: "code",
usePKCE: true, //have also tried 'true'
scopes: ["openid"],
extraParams: {
// ideally, this will be a random value
audience: audienceURL,
//nonce: "nonce",
},
},
{ authorizationEndpoint }
);
Afterwards, I print out the generated code and put it into a postman request, which looks like this:
I have also tried running an axios post request in Node.JS with no success.
As an alternative, I am also willing to try the authorization flow without PKCE. However, the /oauth/token endpoint keeps expecting a code_verifier parameter despite usePKCE being set to false in the authentication request. So I am not sure how to tell auth0 to use pkce or not when making the initial authentication.
Sorry if this is a pointless question, I am rather new to oauth, auth0, and react native.
Any help would be appreciated!