We’re continuing to see about 10-50% failure rates in our PKCE native iOS App. We did follow the recent blog post: (Add Authentication To Your iOS Apps with Centralized Login) and don’t see any failures in that sample.
But, within our code, we do see problems, here’s the current debugging route that we are testing, but we are also stuck on why it is failing:
(1) Store the code verifier and code challenge (they should be a unique pair because the code challenge is generated from the code verifier)
(2) Make 2 requests of the PKCE flow. The first one is always a success and returns authorization code, The second one sometimes fails with an error:
▿ Optional>
▿ some : 2 elements
▿ 0 : 2 elements
- key : "error"
- value : invalid_grant
▿ 1 : 2 elements
- key : "error_description"
- value : Failed to verify code verifier"
(3) with the stored pair and re-running it:
guard let data = codeVerifier?.data(using: .utf8) else { return }
var buffer_chal = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
data.withUnsafeBytes {
_ = CC_SHA256($0, CC_LONG(data.count), &buffer_chal)
}
let hash = Data(bytes: buffer_chal)
codeChallenge = hash.base64EncodedString()
.replacingOccurrences(of: "+", with: "-")
.replacingOccurrences(of: "/", with: "")
.replacingOccurrences(of: "=", with: "")
.trimmingCharacters(in: .whitespaces)
(4) – that is the same failure –
Any suggestions for what could be the problem and/or other checks that we could do to isolate what we’ve got wrong.
PS: yes, we posted on having problems with PKCE earlier, and this is the same as before