Missing required parameter [code_verifier]

See original GitHub issue
await authClient.requestAccessToken(code)

crashes with

error: {
  error: 'invalid_request',
  error_description: 'Missing required parameter [code_verifier].'
}

I think the problem is that #codeVerifier is undefined here šŸ‘‡ https://github.com/twitterdev/twitter-api-typescript-sdk/blob/0d4954c675dbfc566c6911adc4d4178dce926ca4/src/OAuth2User.ts#L170

Issue Analytics

  • State:open
  • Created a year ago
  • Comments:14

github_iconTop GitHub Comments

8reactions
jgjrcommented, Aug 2, 2022

@sasivarnan The solution was fairly simple. In the initial call of generateAuthURL() I use code_challenge_method: ā€˜plainā€™ and save the code_challenge that I use. Then when the user is redirected back to my platform I call the generateAuthURL() method again with the same saved code_challenge, and then the requestAccessToken() method with the code I have received.

7reactions
pdandradebcommented, Oct 8, 2022

The 1.2.0 version published 6 days ago (thanks @refarer!) allows the token to be passed on the constructor. So, now you could do something like this:

  1. Create the endpoint to start the authentication process: generate state and challenge and call generateAuthURL; persist these values to recreate the OAuth2User later on;
  2. Create another endpoint for the callback: recreate the auth with state and challenge and call requestAccessToken passing the code received; store the token returned by that function;
  3. Pass the token on the OAuth2UserOptions during user creation.

Using firebase functions, my simplified code is:

// authenticate.ts
export const authenticate = functions
  .region('southamerica-east1')
  .https.onRequest(async (req, res) => {
    res.redirect(await generateAuthURL());
  });

// authenticationHandler.ts
export const authenticationHandler = functions
  .region('southamerica-east1')
  .https.onRequest(async (req, res) => {
    const { code } = req.query;
    await handleAuthCode(code as string);
    res.send('OK');
  });

// auth.ts
let user: auth.OAuth2User | null = null;
const getUser = async () => {
  if (!user) {
    const { token } = (await getPlatformTokens()) ?? {};
    user = new auth.OAuth2User({
      client_id: <CLIENT_ID>,
      client_secret: <SECRET>,
      callback: <CALLBACK_URL>,
      scopes: ['tweet.read', 'tweet.write', 'users.read', 'offline.access'],
      token: token ? JSON.parse(token) : undefined,
    });
  }
  return user;
};

let client: Client | null = null;
const getClient = async () => {
  if (!client) client = new Client(await getUser());
  return client;
};

export const generateAuthURL = async () => {
  const state = randomBytes(12).toString('hex');
  const challenge = randomBytes(12).toString('hex');
  await updatePlatformTokens({
    state,
    challenge,
  });
  const user = await getUser();
  return user.generateAuthURL({
    state,
    code_challenge_method: 'plain',
    code_challenge: challenge,
  });
};

export const handleAuthCode = async (code: string) => {
  const user = await getUser();
  const { state, challenge } = (await getPlatformTokens()) ?? {};
  if (state && challenge) {
    user.generateAuthURL({
      state,
      code_challenge_method: 'plain',
      code_challenge: challenge,
    });
    const { token } = await user.requestAccessToken(code);
    await updatePlatformTokens({
      token: JSON.stringify(token),
    });
  }
};
Read more comments on GitHub >

github_iconTop Results From Across the Web

Issues Ā· twitterdev/twitter-api-typescript-sdk - GitHub
Missing direct message support ... Missing tweets and no error raised by client when using searchStream ... Missing required parameter [code_verifier].
Read more >
Missing parameter code_challenge_method - Stack Overflow
What you need to do is to: Generate a random value (code_verifier); Calculate the hash of that value (code_challenge); Send the code_challengeĀ ...
Read more >
Invalidate token oAuth2 v2 Code flow - Twitter Developers
I'm seeing a new error now: ā€œā€{"error":"invalid_request","error_description":"Missing required parameter [token_type_hint]."}ā€œā€ DocĀ ...
Read more >
OAuth2 and Twitter API - Questions - n8n community
As for OAuth2, this might require a closer look and will take some time ... error_description: 'Missing required parameter [code_verifier].
Read more >
Ignore PKCE params for non-PKCE grants - GitLab.org
authRequest = { code_verifier, code_challenge }; const authUrl = client. ... invalid_request (The request is missing a required parameter,Ā ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found