Description
My OIDAuthorizationRequest needs a predefined state. Since there is no parameter in the interface I tried it with the additional parameters. That works but there is an issue with the default behaviour on iOS or in the objc implementation respectively:
RNAppAuth.m
// builds authentication request
OIDAuthorizationRequest *request =
[[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
clientId:clientId
clientSecret:clientSecret
scope:[OIDScopeUtilities scopesWithArray:scopes]
redirectURL:[NSURL URLWithString:redirectUrl]
responseType:OIDResponseTypeCode
state: additionalParameters[@"state"] ? additionalParameters[@"state"] : [[self class] generateState]
nonce:nonce
codeVerifier:codeVerifier
codeChallenge:codeChallenge
codeChallengeMethod: usePKCE ? OIDOAuthorizationRequestCodeChallengeMethodS256 : nil
additionalParameters:additionalParameters];
Iff the state is present in the additional parameters, it gets taken from there but if it's there the lib will add it too. So the state is attached twice.
For reference: The java code on the other hand removes the state from the additional parameters after reading the state. So it gets added only once. Which is the right approach if u ask me.
The Problem with the whole thing is, that the double attachment of the state leads to an invalid_request on the google side. (Apple seems not to be picky. At least if the key value pair is the same). looks like in the screenshot attached:
My current workaround is; setting the state parameter to nil since the value is nullable and add it via the additional parameters from the react native js side.
Environment
IDP: Zitadel / Google
platform: iOS
react native: v0.73.4
react native app auth: ^7.1.0
No expo
Activity
devDohyun commentedon Jul 14, 2024
same issue here.Update: This issue can be resolved by setting the useNonce: false option.
Related to : https://github.com/FormidableLabs/react-native-app-auth/pull/736/files