EntraID: code_verifier does not match the code_challenge supplied in the authorization request ....

Hi,

We have a web app that uses EntraID for OIDC. We use the web browser to log into the web app, get redirected to the EntraID authentication page, get authenticated, and it works.

We are creating a new mobile app (iOS) and want to use the same web app backend. We also want to use EntraID for OIDC (just like the browser). We are using the https://github.com/mobilityhouse/AppAuth-iOS-Without-Pkce library to implement OIDC with EntraID.

The library does not use PKCE (as the name says). We can get the auth_code by making the API call to Microsoft EntraID, but when the backend tries to get the access_token, we get the error:

"The code_verifier does not match the code_challenge supplied in the authorization request for PKCE".

  1. How does PKCE come into the picture when we are using a no-PKCE library?
  2. How can we get around this problem without any code change in the web backend?
  3. We have no issue when using the browser; how can the mobile app work the same as the browser?
0 Replies