Amplify-js: Can't use "code" as a query parameter
Using the query parameter name "code" causes "invalid_grant" error due to the Amplify listener attempting to validate the parameter as an OAuth code. Might make sense to namespace the code parameter to "awscode" or even validate that the code value looks like an OAuth response code before throwing an error.... took a few hours to debug this.
cliffordh
All 8 comments
I can absolutely second this - Amplify completely highjacks the code parameter if present via form post or URL queries.
This caught us off guard a while back and required significant troubleshooting as the error message is vague and seems unrelated.
jessedoyle
on 26 Jun 2019
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] picture](https://avatars.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 26 Jul 2019
Any updates on this?
jaimeburnap-fts
on 17 Feb 2020
+1
danielblignaut
on 10 Mar 2020
Does anyone have a workaround? We need to use some oAuth 2.0 third party verification and this really messes up the experience :(
jonmifsud
on 8 Jun 2020
This is extremely irritating, implementing third party oAuth2 integration and when it redirects back to my site it errors out assuming it's the SSO code.
Would simply changing line 128 of OAuth.ts to something like if (!code || currentUrl !== this._config.redirectSignIn) fix the issue? Then it wouldn't highjack if you were at /oauth2integration/callback?code=xxx
clethrill
on 6 Oct 2020
@clethrill good suggestion and deep sympathies for the frustration caused.
@sammartinez would suggest bumping this up to a bugbash considering the fix may be a oneliner
sw-yx
on 6 Oct 2020
I created a PR #6939 to try and help speed things along.
clethrill
on 9 Oct 2020
Related issues
cgarvis
路
3Comments
karlmosenbacher
路
3Comments
callmekatootie
路
3Comments
rayhaanq
路
3Comments
shinnapatthesix
路
3Comments