react-oauth2-pkce icon indicating copy to clipboard operation
react-oauth2-pkce copied to clipboard
verified publisher icon soofstad

Bug: codeVerifier is not set in sessionStorage (sometimes)

Open bondarev123 opened this issue 1 year ago • 3 comments

  • I have my web app running on domain 'xxx.com'. Earlier my login url was 'xxx.com:18080', therefore it had its own local and session storage.
  • Now my login url is 'xxx.com/auth'
  • The problem is that sometimes (seems randomly) the app may blink for a moment before redirect. In that case CodeVerifier is being set in sessionStorage and everything works fine.
  • But sometimes the blink does not happen and session storage is empty
  • Redirect URL has a code challenge, so codeVerifier has been indeed generated

As I say, it never happened when login page was on another port.

Do you have any suggestions?

Steps To Reproduce

  • Happens randomly (almost certainly in new incognito window)

The current behavior

PKCE_code_verifier is sometimes not being set in session storage

The expected behavior

PKCE_code_verifier is always being set in session storage

bondarev123 avatar May 17 '24 10:05 bondarev123

I can't say that I see any reason why this would happen, and certainly not depending on the port number used. Is that the only thing you've changed since getting these bugs?

sebastianvitterso avatar May 21 '24 04:05 sebastianvitterso

Seems like a JS sessionStorage's problem. When changed from sessionStorage to localStorage problem dissapeared.

bondarev123 avatar May 30 '24 08:05 bondarev123

Ok, well it's good that the issue was resolved, but I'm curious as to what was the actual problem. If you'd like to do more research into the issue, go ahead, otherwise feel free to close the issue.

sebastianvitterso avatar May 30 '24 10:05 sebastianvitterso

Stale issue message

github-actions[bot] avatar Jul 29 '24 20:07 github-actions[bot]