code_verifier being set to :none

[ah0y]

oidcc version

3.2.6

Erlang version

26.0.0

Elixir version

1.16.0

Summary

This might not be an issue with this library but rather an issue with the OIDCC plug, but I'm finding that when PKCE is set to :none and when CodeChallengeMethodsSupported is not empty that this line is setting code_verifier to :none.

Should there be a guard on this line around PKCE being none?

add_pkce_verifier(BodyQs, #{pkce_verifier := PkceVerifier} = Opts, ClientContext) when PkceVerifier /= none ->

Current behavior

The oidcc_plug is setting pkce to:none and if CodeChallengeMethodsSupported is not empty the oidcc library will attempt to set code_verifier to :none when what's expected is a string.

How to reproduce

Have CodeChallengeMethodsSupported not be an empty list when using the oidcc_plug.

Expected behavior

That PKCE not be requested when require_pkce is set to false.

[maennchen]

@ah0y Am I correct to assume that you have the same error as this issue?

erlef/oidcc_plug#29

If yes, it's a duplicate issue.

[ah0y]

@maennchen yep getting the same error