
I'm using AxaGuilDEv/react-oidc, which is based on the react-oidc package, to log in using OAuth. The URL called during sign-in has the following params by default: `client_id`, `redirect_uri`, `response_type`, `scope`, `state`, `code_challenge`, `code_challenge_method`, `response_mode`.

I found out how to add more params to the URL, but I can't figure out how to remove the `code_challenge` & `code_challenge_method` params.

Is there a way to do that in either of the packages?

Dwix

1 Answer


`code_challenge` and `code_challenge_method` are part of the PKCE security feature, and it is good practice to keep using them. Look in the documentation to see if you can disable PKCE in the OIDC server. Whether PKCE is required or not is controlled in the OIDC server.

Tore Nestenius
  • Yes, I understand, but for now I just need a way to remove those parameters from the URL, or any other param I need to remove. – Dwix Aug 23 '21 at 09:40
  • Why do you need to remove them? – Tore Nestenius Aug 23 '21 at 10:09
  • I need to test why I get an `invalid_grant` error when I keep them, and I also need to know how to easily edit the URL as I want, adding or removing any of the parameters to understand the workflow better. – Dwix Aug 23 '21 at 12:00
  • What does the OIDC server log say? I suspect you got some issues with the scopes. – Tore Nestenius Aug 23 '21 at 12:07
  • I don't have access to the server. But when I used another, simpler react `package` (with fewer functionalities than I prefer), the sign-in URL didn't have the `challenge_code` & `code_challenge_method` params, then the login was successful and I could retrieve the token/userdata, but when I use the `oidc-react package`, which adds those two params automatically, I get an `invalid_grant` error. – Dwix Aug 23 '21 at 12:13
  • You could always use a tool like Postman or Fiddler to do a manual authentication against your server. In Fiddler you can, for example, use breakpoints to modify requests in real time. – Tore Nestenius Aug 23 '21 at 12:49
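
The PKCE mechanism the answer refers to, as an added example that is not part of the original thread or of either package: the client derives `code_challenge` from a secret `code_verifier`, and an authorization server following RFC 7636 answers the token request with `invalid_grant` when the verifier it receives does not hash to the stored challenge. `verifyTokenRequest` and its `stored` record are hypothetical server-side names, and the sample verifier is the RFC 7636 Appendix B test vector.

```javascript
// Added example: PKCE (RFC 7636) from the client side and the token-endpoint side.
const nodeCrypto = require("crypto");

// base64url without padding, the encoding RFC 7636 uses for both values
const b64url = (buf) =>
  buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) for method S256
function s256Challenge(codeVerifier) {
  return b64url(nodeCrypto.createHash("sha256").update(codeVerifier, "ascii").digest());
}

// Client: the verifier stays in the browser session, only the challenge
// travels in the authorization URL.
function createPkcePair() {
  const codeVerifier = b64url(nodeCrypto.randomBytes(32)); // 43 characters
  return {
    codeVerifier,
    codeChallenge: s256Challenge(codeVerifier),
    codeChallengeMethod: "S256",
  };
}

// Hypothetical server-side check at the token endpoint. `stored` is what the
// server recorded for the authorization code when /authorize was called.
function verifyTokenRequest(stored, codeVerifier) {
  const wellFormed =
    typeof codeVerifier === "string" && /^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier);
  if (!wellFormed) {
    // Assumption of this sketch: a missing verifier is treated like a mismatch.
    return { ok: false, error: "invalid_grant", reason: "code_verifier missing or malformed" };
  }
  const expected = Buffer.from(
    stored.codeChallengeMethod === "S256" ? s256Challenge(codeVerifier) : codeVerifier
  );
  const actual = Buffer.from(stored.codeChallenge);
  const match = expected.length === actual.length &&
    nodeCrypto.timingSafeEqual(expected, actual);
  return match
    ? { ok: true }
    : { ok: false, error: "invalid_grant", reason: "code_verifier does not match code_challenge" };
}

// RFC 7636 Appendix B test vector
const RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
const RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
```

When debugging an `invalid_grant` with PKCE enabled, compare the `code_verifier` sent in the token request with the `code_challenge` sent in the authorization request for the same `state`; a verifier regenerated or lost between the two steps fails this check.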