Unable to generate authorization code via PKCE flow for SPA
This error "Invalid size of Code_Challenge parameter." usually occurs if the code_challenge is invalid. Make sure to generate a valid code_challenge.
To generate code_challenge, you can make use of this tool like below:
Make sure to include origin header like below:
After including all the required parameters, I was able to generate access token successfully via PKCE flow from Postman like below:
Another Solution:
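Just strip your hash to 43 characters. Then you're fine. For example:
// Hex-encoded SHA-256 digest of 96 random bytes (64 characters)
$this->code_challenge = hash("sha256", random_bytes(96));
// Keep only the first 43 characters
$code_challenge = substr($this->code_challenge, 0, 43);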
Another Solution:
You seem to be using S256 (SHA256) as the code challenge method (hashing algorithm to hash code verifier). So ensure that the length of the base 64 encoded code_challenge value is 43 characters. If there is a trailing '=', strip this off (this is the padding) before setting the code_challenge query string parameter value.
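The length rule in the answer above follows from how the S256 challenge is derived: a SHA-256 digest is 32 bytes, which is 44 characters in padded Base64, 64 in hex, and 43 in unpadded base64url. The following is an added example, not code from the original answers; it uses Node's `crypto` module so it runs offline, the verifier is the RFC 7636 Appendix B test vector, and `checkChallenge` and the other function names are hypothetical helpers, not the authorization server's own validation.

```javascript
// Added example: PKCE S256 code_challenge derivation (RFC 7636) in Node.js.
const { createHash, randomBytes } = require('node:crypto');

// base64url without padding: '+' -> '-', '/' -> '_', trailing '=' removed.
function base64url(buf) {
  return buf.toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// 32 random bytes encode to a 43-character verifier (allowed range: 43-128).
function newCodeVerifier() {
  return base64url(randomBytes(32));
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function s256Challenge(verifier) {
  return base64url(createHash('sha256').update(verifier, 'ascii').digest());
}

// Hypothetical helper: say why a candidate code_challenge is malformed, or 'ok'.
function checkChallenge(challenge) {
  if (/=/.test(challenge)) return 'padding: strip trailing "="';
  if (/[+/]/.test(challenge)) return 'standard base64 alphabet: use "-" and "_"';
  if (challenge.length !== 43) return `length ${challenge.length}, expected 43`;
  if (!/^[A-Za-z0-9_-]{43}$/.test(challenge)) return 'invalid character';
  return 'ok';
}

// The comparison made when the code is redeemed with the code_verifier.
function verifierMatches(verifier, challenge) {
  return s256Challenge(verifier) === challenge;
}

// Constructed demo: three encodings of the same digest for one verifier.
const verifier = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
const digest = createHash('sha256').update(verifier, 'ascii').digest();
const candidates = {
  base64url: s256Challenge(verifier),
  base64: digest.toString('base64'), // padded, standard alphabet
  hex: digest.toString('hex'),       // twice the digest length
};
for (const [name, value] of Object.entries(candidates)) {
  console.log(name.padEnd(10), checkChallenge(value));
}
```

Only the base64url form passes the format check and also matches when the verifier is presented at the token request.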
Another Solution:
This PS code works for me.
# $clientId, $redirectUri, $resource, $scope and $authEndpoint are assumed to be set earlier
# Set the length of the code verifier
$codeVerifierLength = 64
# Set the code verifier and code challenge
# Pick each character independently: Get-Random -Count never returns more items
# than the 62 it is given, so it cannot produce a 64-character verifier
$alphabet = (48..57) + (65..90) + (97..122)
$codeVerifier = -join (1..$codeVerifierLength | ForEach-Object { [char]($alphabet | Get-Random) })
$codeChallenge = [System.Convert]::ToBase64String([System.Security.Cryptography.SHA256]::Create().ComputeHash([System.Text.Encoding]::UTF8.GetBytes($codeVerifier)))
# Convert Base64 to base64url and drop the "=" padding
$codeChallenge = $codeChallenge -replace "\+","-" -replace "/","_" -replace "=",""
# Output the code verifier
Write-Output "Code Verifier : $codeVerifier"
# Output the code challenge
Write-Output "Code Challenge: $codeChallenge"
# Set the request parameters
$params = @{
    client_id = $clientId
    redirect_uri = $redirectUri
    response_type = "code"
    response_mode = "query"
    resource = $resource
    scope = $scope
    code_challenge = $codeChallenge
    code_challenge_method = "S256"
}
# Build the authorization URL, URL-encoding each parameter value
$authUrl = $authEndpoint + "?" + (($params.GetEnumerator() | ForEach-Object { "$($_.Name)=$([uri]::EscapeDataString($_.Value))" }) -join "&")