`getExternalAuthRedirectUri` doesn't add PKCE parameters to URL #2810

rahul1 · 2023-09-11T20:21:27Z

Description

When signing in to an external auth provider with PKCE, some identity providers require that the PKCE parameters code_challenge_method and code_challenge are set as URL parameters

Okta
Auth0

However, our getExternalAuthRedirectUriI() doesn't currently set those two params

medplum/packages/core/src/client.ts

Lines 1050 to 1063 in 83432e6

 getExternalAuthRedirectUri( 

 authorizeUrl: string, 

 clientId: string, 

 redirectUri: string, 

 loginRequest: BaseLoginRequest 

 ): string { 

 const url = new URL(authorizeUrl); 

 url.searchParams.set('response_type', 'code'); 

 url.searchParams.set('client_id', clientId); 

 url.searchParams.set('redirect_uri', redirectUri); 

 url.searchParams.set('scope', 'openid profile email'); 

 url.searchParams.set('state', JSON.stringify(loginRequest)); 

 return url.toString(); 

 }

The text was updated successfully, but these errors were encountered:

rahul1 added bug Something isn't working auth Authentication and authorization features and fixes labels Sep 11, 2023

ThatOneBro self-assigned this Sep 12, 2023

ThatOneBro mentioned this issue Sep 12, 2023

fix(auth/external): add some missing url params for external auth PKCE exchanges #2812

Merged

ThatOneBro closed this as completed in #2812 Sep 12, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`getExternalAuthRedirectUri` doesn't add PKCE parameters to URL #2810

`getExternalAuthRedirectUri` doesn't add PKCE parameters to URL #2810

rahul1 commented Sep 11, 2023

getExternalAuthRedirectUri doesn't add PKCE parameters to URL #2810

getExternalAuthRedirectUri doesn't add PKCE parameters to URL #2810

Comments

rahul1 commented Sep 11, 2023

Description

`getExternalAuthRedirectUri` doesn't add PKCE parameters to URL #2810

`getExternalAuthRedirectUri` doesn't add PKCE parameters to URL #2810