Code + PKCE does not work for accounts.google.com
See original GitHub issueDescribe the bug Code + PKCE does not seem to work with google as an identity provider, even though the discovery document suggests otherwise (if I understand it correctly at least). Specifically, the POST request to the token endpoint fails with a 400 “client_secret is missing.” What am I doing wrong here? The token endpoint shouldn’t need the client_secret if PKCE is being used, right?
Stackblitz example stackblitz works now, I really didn’t understand that I was trying to commit to your repo… these are the changes I made:
- add
import { googleAuthConfig } from '../auth.google.config';
to the imports ofprojects/sample/src/app/home/home.component.ts
. - in the same file, replace
authCodeFlowConfig
in line 62 withgoogleAuthConfig
- go through that same procedure of replacing authCodeFlowConfig with googleAuthConfig in
projects/sample/src/app.component.ts
- add
responseType: 'code',
to the AuthConfig inprojects/sample/src/app/auth.google.config.ts
To Reproduce Steps to reproduce the behavior:
- Click on ‘Login’ in the ‘Login with Code Flow’ section.
- Authorize the app with your google account
Expected behavior The app should be authorized with google and there should be a working token and user information in the session storage
Desktop (please complete the following information):
- OS: Windows
- Browser Chrome
- Version 81
Additional context Add any other context about the problem here.
Issue Analytics
- State:
- Created 3 years ago
- Comments:11 (1 by maintainers)
Top GitHub Comments
No, their docs are wrong, that was what I was saying. Even though their docs include the client secret in the mobile app section, that doesn’t make sense because you don’t get client secrets when you build a mobile app on Google.
I was able to register an app as a mobile app, getting only a client ID, and do the OAuth authorization code flow from pure JavaScript and it worked fine.
Never used stackblitz before and forgot to commit… Been a long day