openid / AppAuth-JS

JavaScript client SDK for communicating with OAuth 2.0 and OpenID Connect providers.

How do I properly save the "code_verifier" string to a cookie?

bobber205 opened this issue · comments

Not sure what a proper workflow is here.

I have two routes

/login/openid

/login/openid/callback

Before I call performAuthorizationRequest the request object doesn't have anything set for internal.code_verifier.

If I do this

let json = await authRequest.toJSON() it calls this

setupCodeVerifier(): Promise<void> {
and sets the internal.code_verifier value.

Makes sense right?

But internal.code_verifier is reset with each request and there is no way to set it before a request. How should I properly access this value so I can save it to, say, a local http-only cookie or in the session object, so that when my /callback route is called I pass it as part of the arguments to performTokenRequest?

FWIW you can call toJSON() and it sets a different value to internal.code_verifier each time. Is that on purpose?

  • AppAuth-JS version: latest
  • AppAuth-JS Environment (Node, Browser (UserAgent), ...): nodejs 16
  • Source code snippets (inline or JSBin)

You can build your own AuthorizationRequestHandler that saves the code_verifier to storage. Use the existing one as reference.
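
An added example, not part of the original thread and not AppAuth-JS code: one way to carry the code_verifier from /login/openid to /login/openid/callback in a cookie, using only Node's crypto module. The verifier is sealed together with the OAuth state and an expiry using AES-256-GCM, so the callback rejects a cookie that was modified, has expired, or belongs to a different login attempt. The cookie name `oidc_login`, the helper names and the demo key are assumptions made for this sketch; the same helpers can seal a verifier read from the request object instead of one generated here.

```javascript
const { createHash, randomBytes, createCipheriv, createDecipheriv, timingSafeEqual } = require('node:crypto');

// Constructed demo key. A real service loads 32 random bytes from its secret store.
const COOKIE_KEY = createHash('sha256').update('constructed-demo-secret').digest();
const b64url = (buf) => buf.toString('base64url');

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
const challengeFor = (verifier) => b64url(createHash('sha256').update(verifier, 'ascii').digest());

function newPkcePair() {
  const verifier = b64url(randomBytes(32)); // 43 chars from the unreserved set
  return { verifier, challenge: challengeFor(verifier) };
}

// /login/openid: seal {state, verifier, exp} with AES-256-GCM; the result is the cookie value.
function sealLoginCookie(state, verifier, now = Date.now(), ttlMs = 600000) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', COOKIE_KEY, iv);
  const body = JSON.stringify({ state, verifier, exp: now + ttlMs });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return b64url(Buffer.concat([iv, cipher.getAuthTag(), ct]));
}

// /login/openid/callback: returns the code_verifier, or null when the cookie is
// missing, modified, expired, or bound to a different state than the one returned.
function openLoginCookie(cookieValue, returnedState, now = Date.now()) {
  try {
    const raw = Buffer.from(cookieValue, 'base64url');
    const decipher = createDecipheriv('aes-256-gcm', COOKIE_KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { state, verifier, exp } = JSON.parse(body.toString('utf8'));
    const a = Buffer.from(String(state));
    const b = Buffer.from(String(returnedState));
    const sameState = a.length === b.length && timingSafeEqual(a, b);
    return sameState && now < exp ? verifier : null;
  } catch {
    return null; // bad base64, short input, or GCM tag mismatch
  }
}

// Set-Cookie header (hypothetical cookie name): HttpOnly, HTTPS only,
// scoped to the two login routes, valid for 10 minutes.
const setCookieHeader = (value) =>
  `oidc_login=${value}; HttpOnly; Secure; SameSite=Lax; Path=/login/openid; Max-Age=600`;
```

The callback route should clear the cookie after reading it, whether or not `openLoginCookie` returned a verifier, so each sealed value is accepted for at most one token request.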