Error "Failed to verify code verifier" after User Authenticates in Application Using PKCE-enhanced Authorization Code Flow

Overview

After configuring an application to use the Authorization Code Flow with PKCE, several users get the following error message after they authenticate:

Failed to verify code verifier.

Applies To

  • PKCE-enhanced Authorization Code Flow

Cause

When the /authorize endpoint is called multiple times in quick succession, the error message above may be returned.

Solution

Avoid making more than one login request:

  • When a login request is made, the application saves the code_verifier in a cookie and sends the corresponding code_challenge to the /authorize endpoint.
  • If a login request is made multiple times, a new code_verifier is saved each time, overriding the previous one, and the browser is sent to a new authorize URL each time.
    • When this happens, the code_challenge parameter in the authorize URL the browser follows will no longer match the code_verifier currently stored in the cookie.

Ensure the app calls the login method only once per login. Calling the login method multiple times in quick succession is prone to errors (such as the invalid code verifier error above).

  • NOTE: The code_challenge and the code_verifier are different values.

The following example demonstrates this error:

// This is OK: one login request per user action
function login() {
  loginWithRedirect();
}

// This will be error prone: each call stores a new code_verifier
// and starts a new redirect to /authorize
function login() {
  loginWithRedirect();
  loginWithRedirect();
  loginWithRedirect();
}
