How do I properly save the "code_verifier" string to a cookie?
bobber205 opened this issue · comments
Not sure what a propery workflow is here.
I have two routes
/login/openid
/login/openid/callback
Before I call performAuthorizationRequest
the request object doesn't have anything set for internal.code_verifier
.
If I do this
let json = await authRequest.toJSON()
it calls this
AppAuth-JS/src/authorization_request.ts
Line 79 in cf6bb68
internal.code_verifier
value.
Makes sense right?
But internal.code_verifier
it reset with each request and there is no way to set it before a request. How should I properly access this value so I can save it to say a local http only cookie or in the session object so that when my /callback route is called I pass as part of the arguments to performTokenRequest
?
FWIW you can call toJSON()
and it sets a different value to internal.code_verifier
each time. Is that on purpose?
- AppAuth-JS version: latest__
- AppAuth-JS Environment (Node, Browser (UserAgent), ...): nodejs 16_
- Source code snippts (inline or JSBin)
You can build your own AuthorizationRequestHandler
that saves the code_verifier
to storage. Use the existing one as reference.