Skip to content

fix: Improve PKCE cookie missing error message #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nicknisi merged 1 commit into from
Jun 18, 2026
+1 −1
Merged

fix: Improve PKCE cookie missing error message #46

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/core/AuthKitCore.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,7 +194,7 @@ export class AuthKitCore {
}
if (!cookieValue) {
throw new PKCECookieMissingError(
'PKCE verifier cookie missing — cannot verify OAuth state. Ensure Set-Cookie headers are propagated on redirects.',
'Sign-in session could not be verified. Please try signing in again.',
);
Comment on lines 196 to 198

@greptile-apps greptile-apps Bot Jun 17, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Developer-facing context removed from diagnostic message

PKCECookieMissingError is a publicly exported error class that library integrators are expected to catch and handle (e.g., redirect to sign-in). In a properly implemented adapter the message never reaches end users, so the old phrasing ("Ensure Set-Cookie headers are propagated on redirects") served as actionable debug guidance for developers integrating this SDK. The new message is less useful when someone is actively debugging a proxy/cookie-stripping issue and has not yet caught or read the JSDoc. Worth keeping in mind if the team plans to use this message in telemetry or logging — it will no longer carry the root-cause signal.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

@devin-ai-integration devin-ai-integration Bot Jun 17, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Acknowledged — this is an intentional tradeoff. The error class name (PKCECookieMissingError) and JSDoc already carry the diagnostic signal for integrators who catch it. The message change targets the case where the error propagates to an end user (e.g., via a framework that surfaces error.message without custom handling). The original proxy-oriented guidance remains documented in MIGRATION.md for anyone debugging cookie-stripping issues.

}
const encoder = new TextEncoder();
Expand Down
Loading