code_challenge not being sent to generic OIDC IdP
Self-hosted | Question | Bugs
Environment: Self hosting
Version: Helm chart: 9.17.0, Zitadel version: 4.2.0 (v2 ui enabled)
Stack:
- SvelteKit frontend (currently developing on localhost)
- Zitadel exposed to the internet through a Cloudflare tunnel
- whop.com as generic OIDC provider
Currently, I am able to successfully log in to my web app using a built-in username/password. But, when I try to sign in with Whop, the result is:
https://<my-zitadel-domain>/ui/v2/login/idp/oidc/failure?error=invalid_request&error_description=code_challenge+is+required&id=<some-id>&organization=<my-org>&requestId=<some-id>
I've enabled PKCE. Here is the request that is being sent to Whop (doesn't include code_challenge ofc):
https://api.whop.com/oauth/authorize?client_id=<client-id>&prompt=select_account&redirect_uri=https%3A%2F%2F<my-zitadel-domain>%2Fidps%2Fcallback&response_type=code&scope=openid+profile+email&state=357468738590605845
Am I missing something, or is this a bug? Thanks.


