From 05b09ccc5aea25cb715281d30cc6b2362e6c5d0e Mon Sep 17 00:00:00 2001
From: SDI
Date: Tue, 30 Jun 2026 17:00:30 +0900
Subject: [PATCH] =?UTF-8?q?BARON-SSO=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20code?=
 =?UTF-8?q?=5Fverifier=20=EC=B6=94=EA=B0=80=20server.js?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/server.js b/server.js
index 2142a3b..42f2040 100644
--- a/server.js
+++ b/server.js
@@ -362,11 +362,12 @@ const resolveRedirects = async (redirectTo, cookies, depth = 0) => {
   throw new Error('Could not resolve authorization redirect');
 };
 
-const exchangeAuthorizationCode = async (code, discovery) => {
+const exchangeAuthorizationCode = async (code, discovery, codeVerifier) => {
   const body = new URLSearchParams({
     grant_type: 'authorization_code',
     code,
     redirect_uri: REDIRECT_URI,
+    code_verifier: codeVerifier,
     client_id: CLIENT_ID,
     client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
     client_assertion: createClientAssertion(discovery.token_endpoint)
@@ -428,7 +429,7 @@ const runHeadlessSsoLogin = async ({ loginId, password }) => {
     throw new Error('Authorization code not found after redirect resolution');
   }
 
-  const tokenResponse = await exchangeAuthorizationCode(resolution.code, discovery);
+  const tokenResponse = await exchangeAuthorizationCode(resolution.code, discovery, authState.codeVerifier);
   const idTokenPayload = decodeJwtPayload(tokenResponse.id_token);
 
   return {
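Review bot: `code_verifier: codeVerifier` is added to the URLSearchParams literal unconditionally, so a caller that passes nothing sends the literal string `undefined` as the verifier (URLSearchParams stringifies its values) instead of omitting the field or failing locally, and the token endpoint's rejection will be harder to diagnose. Either make the parameter mandatory at the top of the function, `if (!codeVerifier) throw new Error('code_verifier is required for the token request');`, or keep it optional with `if (codeVerifier) body.set('code_verifier', codeVerifier);` after the literal. A JSDoc line on the new parameter would also help, e.g. `@param {string} codeVerifier - PKCE verifier matching the code_challenge sent in the authorization request`. The body of exchangeAuthorizationCode continues past the end of the hunk.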
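Review bot: `authState.codeVerifier` is read on the new call line without any check that the property was populated, so if the authorization request was built by a path that did not generate a PKCE pair the exchange still goes out and fails only at the token endpoint. A guard immediately before the call, `if (!authState?.codeVerifier) throw new Error('PKCE code_verifier missing from auth state');`, fails fast with a clear message; the same applies to the pollHeadlessPhoneLogin call in the third hunk, which reads `pendingContext.authState.codeVerifier`. Where authState is created, and whether its state value is compared against the callback, is outside this hunk, so I cannot confirm the verifier is bound to the same request whose code is being exchanged. runHeadlessSsoLogin starts before the hunk and continues after it.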
@@ -501,7 +502,11 @@ const pollHeadlessPhoneLogin = async (pendingContext) => {
     throw new Error('Authorization code not found after phone redirect resolution');
   }
 
-  const tokenResponse = await exchangeAuthorizationCode(resolution.code, pendingContext.discovery);
+  const tokenResponse = await exchangeAuthorizationCode(
+    resolution.code,
+    pendingContext.discovery,
+    pendingContext.authState.codeVerifier
+  );
   const idTokenPayload = decodeJwtPayload(tokenResponse.id_token);
 
   return {