
I'm trying to get the PKCE example to work, but I keep hitting:

Error code: 500
Error: invalid_request : code challenge required

Here's a sample URL; it does include a code_challenge param generated with the example code.

https://login.xero.com/identity/connect/authorize
?client_id=XXX
&response_type=code
&scope=openid%20profile%20email%20offline_access%20files%20accounting.transactions%20accounting.contacts
&redirect_uri=https%3A%2F%2Flocalhost%3A5001%2F
&code_challenge=tj6n3SLd6FZ8g6jjSJYvfC--4r2PHGnpbSGTwIreNqQ
&code_challenge_method=S256

The registered app is a PKCE flow, so I'm kind of out of options as to what it could be. Here's the code I use; the only changes are the last 2 lines, where I launch the browser as I'm connecting from a desktop app. I tried pasting the generated URL into the browser directly, but that also didn't work.

    XeroConfiguration xconfig = new XeroConfiguration();
    xconfig.ClientId = "XXX";
    xconfig.CallbackUri = new Uri("https://localhost:5001"); //default for standard webapi template
    xconfig.Scope = "openid profile email offline_access files accounting.transactions accounting.contacts";
    //xconfig.State = "YOUR_STATE"

    var client = new XeroClient(xconfig);

    // generate a random codeVerifier
    var validChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-._~";
    Random random = new Random();
    int charsLength = random.Next(43, 128);
    char[] randomChars = new char[charsLength];
    for (int i = 0; i < charsLength; i++) {
        randomChars[i] = validChars[random.Next(0, validChars.Length)];
    }
    string codeVerifier = new String(randomChars);

    var uri = client.BuildLoginUriPkce(codeVerifier);
    Clipboard.SetText(uri);
    System.Diagnostics.Process.Start("explorer.exe", $"\"{uri}\"");
gjvdkamp
  • Hi, from the above code snippet I can see that you're creating a random string, but not that you are then SHA256 & URL encoding the verifier in order to provide it as the code_challenge param. Unless that's happening in the BuildLoginUriPkce() function, which is not shown. This pseudo code example is from the docs: `code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))` – RJaus Aug 29 '21 at 23:29
  • I'm unclear if you're using an SDK here or you've rolled your own, but in either case, here is a walkthrough using postman, which should give you the idea: https://github.com/XeroAPI/Xero-Postman-Tutorial-PKCE-Edition – RJaus Aug 29 '21 at 23:32
  • Hi thanks for responding, I did manage to solve this. IIRC the bug was caused by using .NET 5 that messed with the URL on Process.Start. It went away when switching to framework. – gjvdkamp Aug 30 '21 at 04:31
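
The thread above turns on two checks: whether the `code_challenge` is the S256 transform of the verifier, and whether the URL that actually reaches the browser still carries it. The following is an added example, not code from the post or from the Xero SDK; the `PkceCheck` class and its method names are hypothetical, the verifier comes from `RandomNumberGenerator` rather than `System.Random`, and the truncated URL is a constructed input.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PkceCheck // hypothetical helper, not part of any SDK
{
    // 32 bytes from a cryptographic RNG, base64url-encoded: a 43-character verifier.
    public static string NewVerifier()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    // code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))
    public static string Challenge(string verifier)
    {
        using (var sha = SHA256.Create())
            return Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
    }

    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns null when the URL carries the S256 challenge for this verifier,
    // otherwise a description of what is missing or different.
    public static string Inspect(string authorizeUrl, string verifier)
    {
        string challenge = null, method = null;
        foreach (var pair in new Uri(authorizeUrl).Query.TrimStart('?').Split('&'))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length != 2) continue;
            if (kv[0] == "code_challenge") challenge = Uri.UnescapeDataString(kv[1]);
            if (kv[0] == "code_challenge_method") method = Uri.UnescapeDataString(kv[1]);
        }
        if (challenge == null) return "code_challenge missing from the URL";
        if (method != "S256") return "code_challenge_method is not S256";
        return challenge == Challenge(verifier) ? null : "code_challenge does not match the verifier";
    }

    static void Main()
    {
        var verifier = NewVerifier();
        var url = "https://login.xero.com/identity/connect/authorize?client_id=XXX&response_type=code"
                + "&code_challenge=" + Challenge(verifier) + "&code_challenge_method=S256";
        Console.WriteLine(Inspect(url, verifier) ?? "ok");
        // Constructed input: the same URL cut at the first '&', to show what the check reports
        // when the query string is altered between the app and the browser.
        Console.WriteLine(Inspect(url.Substring(0, url.IndexOf('&')), verifier));
    }
}
```

Running `Inspect` on the URL copied from the browser's address bar, rather than on the string the app built, shows whether the launch step changed it.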
