oidcc_token:retrieve/3 returning {error,invalid_input,none}

[GPrimola]

oidcc version

3.2.6

Erlang version

27.1

Elixir version

1.17.3-otp-27

Summary

Couldn't update to 3.2.6 due to retro compatibility issues.
After a little dig, I could see the problem comes from here:

• oidcc_token:add_pkce_verifier/3
• oidcc_token:add_pkce_verifier/2

this on 3.2.6 adds {<<"code_verifier">>,none} to BodyQs, which makes uri_string:compose_query/1 to chain up the error {error,invalid_input,none}.

PS: this seems to work well on 3.2.5, but as I've strongly tested the auth flow on 3.2.4, I'm focusing on it.

Current behavior

After updating to 3.2.6 from 3.2.4 oidcc_token:retrieve/3 returns {error,invalid_input,none} when using with plug Oidcc.Plug.AuthorizationCallback.

How to reproduce

1. Use an out of the box Keycloak with minimal configuration (realm, client and user);
2. Configure Oidcc.Plug.AuthorizationCallback with following options set:

• provider
• client_id
• client_secret
• redirect_uri

4. Perform the authorization flow (with redirect url)
5. When on callback action, the plug will return {error,invalid_input,none} when trying to retrieve the token.

Expected behavior

oidcc_token:retrieve/3 on 3.2.6 should keep retro compatibility on patch versions, i.e., be able to return token information when the same parameters are given.

[maennchen]

Duplicate of erlef/oidcc_plug#29