fix: do not pass params twice to token request (#147)

tomasvotava · web-flow · commit 7fb7f1480d79 · 2024-04-03T19:08:23.000+02:00
diff --git a/fastapi_sso/sso/base.py b/fastapi_sso/sso/base.py
@@ -472,6 +472,9 @@ async def process_login(
 
         current_path = f"{url.scheme}://{url.netloc}{url.path}"
 
+        if pkce_code_verifier:
+            params.update({"code_verifier": pkce_code_verifier})
+
         token_url, headers, body = self.oauth_client.prepare_token_request(
             await self.token_endpoint,
             authorization_response=current_url,
@@ -487,11 +490,8 @@ async def process_login(
 
         auth = httpx.BasicAuth(self.client_id, self.client_secret)
 
-        if pkce_code_verifier:
-            params.update({"code_verifier": pkce_code_verifier})
-
         async with httpx.AsyncClient() as session:
-            response = await session.post(token_url, headers=headers, content=body, auth=auth, params=params)
+            response = await session.post(token_url, headers=headers, content=body, auth=auth)
             content = response.json()
             self._refresh_token = content.get("refresh_token")
             self._id_token = content.get("id_token")
