Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Unable to use PKCE authorization: code_verifier was incorrect

Solved!
Go to solution

Unable to use PKCE authorization: code_verifier was incorrect

Solved! Go to solution
Avatar of Christilut
Casual Listener
2020-07-28 10:15 AM

I'm trying to implement the PKCE authorization flow and as far as I can tell, I've done so correctly, but Spotify always says the code_verifier is incorrect.

 

This is my code to create the login URL:

 

 

    this.verifyCode = getRandomString(64)

    const codeChallenge = crypto
      .createHash('sha256')
      .update(this.verifyCode)
      .digest('base64')

    const params = new URLSearchParams()

    params.append('client_id', process.env.VUE_APP_SPOTIFY_CLIENT_ID as string)
    params.append('response_type', 'code')
    params.append('scope', SPOTIFY_SCOPES.join(' '))
    params.append('redirect_uri', SPOTIFY_REDIRECT_URI)
    params.append('code_challenge_method', 'S256')
    params.append('code_challenge', codeChallenge)

    const uri: string = `https://accounts.spotify.com/authorize?${params.toString()}`

 

 

 

 And to fetch the token:

 

 

    const code = new URLSearchParams(new URL(redirectUri).search).get('code') as string

    const params = new URLSearchParams()

    params.append('client_id', process.env.VUE_APP_SPOTIFY_CLIENT_ID as string)
    params.append('grant_type', 'authorization_code')
    params.append('code', code)
    params.append('redirect_uri', SPOTIFY_REDIRECT_URI)
    params.append('code_verifier', this.verifyCode)

    const { data } = await Axios.post('https://accounts.spotify.com/api/token', params)

 

 

 

But Spotify always returns this:

 

 

    data: {
      error: 'invalid_grant',
      error_description: 'code_verifier was incorrect'
    }

 

 

 

I've tried doing the code challenge encoding differently (base64url encoding) but it seems to have no effect.  

 

Any ideas?

Labels:
2 people had this problem.
Reply

Accepted Solutions
Marked as solution

Avatar of chanderson0
Newbie
2020-07-30 12:16 AM

I had the exact same problem, which was resolved by radically changing how I was generating the PKCE challenge. This set of functions worked for me: https://stackoverflow.com/a/59913241

View solution in original post

3 Replies
Marked as solution

Solved! Go to solution
Avatar of chanderson0
Newbie
2020-07-30 12:16 AM

I had the exact same problem, which was resolved by radically changing how I was generating the PKCE challenge. This set of functions worked for me: https://stackoverflow.com/a/59913241

Avatar of Christilut
Casual Listener
2020-07-30 04:04 PM

Thanks! I tried it that way and it worked.

 

For anyone running into this, I changed the encoding to the following:

async function sha256(plain) {
  const encoder = new TextEncoder()
  const data = encoder.encode(plain)

  return window.crypto.subtle.digest('SHA-256', data)
}

function base64urlencode(a){
  return btoa(String.fromCharCode.apply(null, new Uint8Array(a))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
}

const hashed = await sha256(verifyCode)
const codeChallenge = base64urlencode(hashed)

Avatar of Peter_Schorn
Roadie
2020-10-03 01:51 AM

So can you confirm that the code challenge does not need to be padded with the `=` character?

0 Likes

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! ๐Ÿ˜   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and getโ€ฆ

Staff
ModeratorStaff / Moderator/ 3 years ago in Social & Random
Read more

Type a product name