New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid parameter value for code_challenge_method: 's256' with PCKE & Google #770
Comments
Running into this issue as well. Works without PCKE enabled. |
Hi @imownbey, @nick-barth, apologies for the late reply, are you guys still experiencing this issue? It would really help if you can include the steps taken to reproduce this or a link to a gist |
Also running into this. I downgraded my version of |
@colestriler can you elaborate on the steps taken to reproduce this please? are you using the |
@kangmingtay turns out downgrading did not totally fix the issue. You can replicate the issue by cloning this repo https://github.com/silentworks/safari-vercel-test and trying to authenticate with Google on localhost (i.e. NEXT_PUBLIC_SUPABASE_URL=http://localhost:54321). I posted in Discord earlier today and @silentworks said it's likely my Google console setup (https://discord.com/channels/839993398554656828/1148690630348906577/1148690630348906577). I ended up deploying the app with the same Google console keys to test if it was only an issue on localhost, and it works fine on prod. Note: if I run my app locally and point NEXT_PUBLIC_SUPABASE_URL at my prod database, it also works fine. |
hey @colestriler, can you please reach out to us through support (https://supabase.com/dashboard/support/new) - it will be easier to investigate if we have your project ref / ask for more sensitive information pertaining to your setup. |
Having the same issue here as well with local supabase DB. I haven't investigated deeply but if the library really meant to pass |
Same problem here, and it works if I change "s256" to "S256" in the query string. |
I don't understand where to make this change and how? |
Hey team, Thanks for reporting the issue and for supplying a test repository - I'm not able to replicate this issue though - this is what it looks like on my end. The code_challenge_method param is intended for Supabase Auth and not for Google. There was a known issue in April where the code_challenge_method param was not sanitized which lead to the error. It was patched in late April/early May and we haven't observed repeat instances since then Could I trouble you to try clearing both package-lock.json and node_modules and reinstalling after? Alternatively, if there's a staging environment or another test repository where we can replicate this we can take a look further. Let us know Thanks! |
I never use While the bug was fixed long ago, it was not fixed in my local dev since my local supabase never updated. |
Bug report
Describe the bug
Trying to use the new pkce auth flow with Google sign in based on the blog post:
https://supabase.com/blog/supabase-auth-sso-pkce#server-side-and-mobile-auth
I get the following error when showing the google login screen:
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: