Authentication pkce verifier #854

Draft
brendan-kellam wants to merge 1 commit into main from cursor/SOU-333-authentication-pkce-verifier-eb46

@brendan-kellam
Contributor

Add explicit PKCE cookie configuration to fix intermittent SSO login failures.

NextAuth v5 (beta.30) requires explicit cookie settings for PKCE in certain environments (e.g., Docker/proxy) to correctly store and retrieve the pkceCodeVerifier, preventing InvalidCheck errors during the OAuth callback.


Linear Issue: SOU-333

Add explicit cookie configuration for PKCE code verifier to resolve
'InvalidCheck: pkceCodeVerifier value could not be parsed' error.

This fixes an issue where OAuth authentication would fail on first attempt
due to NextAuth v5 not having explicit cookie settings for PKCE flow.
The explicit configuration ensures cookies are properly stored and retrieved
during the OAuth callback, preventing authentication failures.

- Add pkceCodeVerifier cookie configuration with proper security settings
- Use dynamic secure flag based on AUTH_URL protocol (HTTP vs HTTPS)
- Set appropriate cookie options (httpOnly, sameSite, path, maxAge)
- Handle undefined AUTH_URL during build time with optional chaining

Co-authored-by: Brendan Kellam <brendan@sourcebot.dev>
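
An added illustration of the approach the commit message describes, not code from this pull request: it derives the cookie's Secure flag from the AUTH_URL scheme and models, in simplified form, whether a browser would still hold the verifier cookie at the OAuth callback. The cookie name, the `sameSite` and `maxAge` values and all helper names are assumptions.

```typescript
// Added example, not code from this pull request.
type CookieOptions = {
  httpOnly: boolean;
  sameSite: "lax" | "strict" | "none";
  path: string;
  secure: boolean;
  maxAge: number; // seconds
};
type CookieConfig = { name: string; options: CookieOptions };

function isHttps(url: string | undefined): boolean {
  // AUTH_URL can be undefined at build time; treat that as "not HTTPS".
  return url?.toLowerCase().startsWith("https://") ?? false;
}

// Derive the PKCE verifier cookie settings from the AUTH_URL scheme.
// Assumptions: the cookie name, sameSite "lax" and the 15 minute maxAge.
function pkceCookieConfig(authUrl: string | undefined): CookieConfig {
  const secure = isHttps(authUrl);
  return {
    // A __Secure- name prefix is only valid together with the Secure flag.
    name: `${secure ? "__Secure-" : ""}authjs.pkce.code_verifier`,
    options: { httpOnly: true, sameSite: "lax", path: "/", secure, maxAge: 15 * 60 },
  };
}

// Simplified browser model (ignores the localhost exception): a Secure or
// __Secure- cookie is stored only when the response arrived over HTTPS.
function browserStores(cookie: CookieConfig, pageUrl: string): boolean {
  const needsHttps = cookie.options.secure || cookie.name.startsWith("__Secure-");
  if (cookie.name.startsWith("__Secure-") && !cookie.options.secure) return false;
  return !needsHttps || isHttps(pageUrl);
}

// The OAuth callback is a cross-site top-level GET: "strict" cookies are
// withheld there, "none" additionally requires Secure.
function sentOnCallback(cookie: CookieConfig): boolean {
  if (cookie.options.sameSite === "strict") return false;
  if (cookie.options.sameSite === "none") return cookie.options.secure;
  return true;
}

// True when the verifier set at sign-in is still readable at the callback.
function verifierSurvives(cookie: CookieConfig, pageUrl: string): boolean {
  return browserStores(cookie, pageUrl) && sentOnCallback(cookie);
}
```
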
@cursor

cursor bot commented Feb 5, 2026

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
Learn more about Cursor Agents

@coderabbitai
Contributor

coderabbitai bot commented Feb 5, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


2 participants