ref: Simkl authentication to use PKCE and update exchangeCodeForToken method

2026-03-11 17:45:38 +00:00 · 2026-02-21 18:05:12 +05:30 · 2026-02-21 18:05:12 +05:30 · 37ad5647f8
commit 37ad5647f8
parent 5a8fa30787
2 changed files with 13 additions and 9 deletions
--- a/src/screens/SimklSettingsScreen.tsx
+++ b/src/screens/SimklSettingsScreen.tsx
@ -27,7 +27,6 @@ const ANDROID_STATUSBAR_HEIGHT = StatusBar.currentHeight || 0;

 // Simkl configuration
 const SIMKL_CLIENT_ID = process.env.EXPO_PUBLIC_SIMKL_CLIENT_ID as string;
-const SIMKL_REDIRECT_URI = process.env.EXPO_PUBLIC_SIMKL_REDIRECT_URI || 'nuvio://auth/simkl';

 const discovery = {
    authorizationEndpoint: 'https://simkl.com/oauth/authorize',
@ -76,9 +75,10 @@ const SimklSettingsScreen: React.FC = () => {
        {
            clientId: SIMKL_CLIENT_ID,
            scopes: [], // Simkl doesn't strictly use scopes for basic access
-            redirectUri: SIMKL_REDIRECT_URI, // Must match what is set in Simkl Dashboard
+            redirectUri: redirectUri,
            responseType: ResponseType.Code,
-            // codeChallengeMethod: CodeChallengeMethod.S256, // Simkl might not verify PKCE, but standard compliant
+            usePKCE: true,
+            codeChallengeMethod: CodeChallengeMethod.S256,
        },
        discovery
    );
@ -90,12 +90,12 @@ const SimklSettingsScreen: React.FC = () => {
    // Handle the response from the auth request
    useEffect(() => {
        if (response) {
-            if (response.type === 'success') {
+            if (response.type === 'success' && request?.codeVerifier) {
                const { code } = response.params;
                setIsExchangingCode(true);
                logger.log('[SimklSettingsScreen] Auth code received, exchanging...');

-                simklService.exchangeCodeForToken(code)
+                simklService.exchangeCodeForToken(code, request.codeVerifier)
                    .then(success => {
                        if (success) {
                            refreshAuthStatus();
@ -109,11 +109,14 @@ const SimklSettingsScreen: React.FC = () => {
                        openAlert(t('common.error'), t('simkl.auth_error_generic'));
                    })
                    .finally(() => setIsExchangingCode(false));
+            } else if (response.type === 'success') {
+                logger.error('[SimklSettingsScreen] Missing PKCE code verifier on successful auth response');
+                openAlert(t('common.error'), t('simkl.auth_error_msg'));
            } else if (response.type === 'error') {
                openAlert(t('simkl.auth_error_title'), t('simkl.auth_error_generic') + ' ' + (response.error?.message || t('common.unknown')));
            }
        }
-    }, [response, refreshAuthStatus]);
+    }, [response, refreshAuthStatus, request?.codeVerifier, t]);

    const handleSignIn = () => {
        if (!SIMKL_CLIENT_ID) {
--- a/src/services/simklService.ts
+++ b/src/services/simklService.ts
@ -301,7 +301,7 @@ export class SimklService {
     * Exchange code for access token
     * Simkl tokens do not expire
     */
-    public async exchangeCodeForToken(code: string): Promise<boolean> {
+    public async exchangeCodeForToken(code: string, codeVerifier: string): Promise<boolean> {
        await this.ensureInitialized();

        try {
@ -315,7 +315,8 @@ export class SimklService {
                    client_id: SIMKL_CLIENT_ID,
                    client_secret: SIMKL_CLIENT_SECRET,
                    redirect_uri: SIMKL_REDIRECT_URI,
-                    grant_type: 'authorization_code'
+                    grant_type: 'authorization_code',
+                    code_verifier: codeVerifier
                })
            });

@ -937,4 +938,4 @@ export class SimklService {
            return null;
        }
    }
-}
+}