ExchangeCodeForSession - Supabase returns HTTP 403 "code challenge does not match..." #86

nref · 2023-08-02T17:09:16Z

nref
Aug 2, 2023

Looking for some help implementing server-side PKCE auth flow in ASP.NET Core.

After calling Supabase.Client.SignInWithOtp(...) on the server:

Then looking in the DB flow_state table I can see the generated auth_code and code_challenge:

If I then manually paste auth_code and code_challenge into my API controller, hash code_challenge with Helpers.GeneratePKCENonceVerifier(...), then pass the hash and auth_code to Supabase.Client.ExchangeCodeForSession, then Supabase returns

HTTP 403 "code challenge does not match previously saved code verifier"

I would have expected a match.

acupofjose · 2023-08-02T20:42:09Z

acupofjose
Aug 2, 2023

The code verifier should be in your variable result.PKCEVerifier - which you would use for the session code exchange! (See here)

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ExchangeCodeForSession - Supabase returns HTTP 403 "code challenge does not match..." #86

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

ExchangeCodeForSession - Supabase returns HTTP 403 "code challenge does not match..." #86

Uh oh!

Uh oh!

nref Aug 2, 2023

Replies: 1 comment

Uh oh!

Uh oh!

acupofjose Aug 2, 2023

nref
Aug 2, 2023

acupofjose
Aug 2, 2023