feat: send PKCE code_verifier during OIDC token exchange

Retrieve the stored code_verifier from sessionStorage and include it
in the callback POST body so the backend can verify the PKCE challenge.

Ref: #2410
kolaente 2026-04-02 18:55:31 +02:00
parent f5024e2f2c
commit 4c565537e4
1 changed files with 4 additions and 0 deletions


@ -243,9 +243,13 @@ export const useAuthStore = defineStore('auth', () => {
const fullProvider: IProvider = configStore.auth.openidConnect.providers.find((p: IProvider) => p.key === provider)
const codeVerifier = sessionStorage.getItem('pkceCodeVerifier')
sessionStorage.removeItem('pkceCodeVerifier')
const data = {
code: code,
redirect_url: getRedirectUrlFromCurrentFrontendPath(fullProvider),
...(codeVerifier && {code_verifier: codeVerifier}),
}
// Delete an eventually preexisting old token