Client receives code verifier error when the user has never logged in before

[jnweiger]

Seen with oauth2-0.5.2 on ownCloud 10.8.1 prealpha (daily) Build:2021-11-16T22:03:07+00:00 3e5ae8e8a76638d92d0167dfa3ea306c41d1bf08

• User admin creates user01 with password user01
• Desktop client 2.9.1 connects, -> the oauth flow starts, user admin is suggested.
• Switch user, log in user01, authorize. an error occurs:
  

On a second attempt, the client can authorize just fine.

[jnweiger]

Similar to #309 - likely a duplicate... -- if so, the issue persists in 0.5.2

[jnweiger]

Reproduced with core 10.9.0-beta1 and client 2.9.2-rc5 and oauth2-0.5.2

[jvillafanez]

Similar to #309 - likely a duplicate... -- if so, the issue persists in 0.5.2

Same thoughts. It seems related to the "user switch" feature.

As said in the linked ticket, I think it's better to change the button to a "logout" button and let the user restart the process from the client.

Assuming the client doesn't have a browser with a valid ownCloud session, the flow seems to work fairly well even if the user hasn't logged in yet. The only problem is that the "authorization-successful" page should be public. Currently, that page requires the user to be logged in, which is a bit weird.
It seems the flow doesn't login the user / doesn't create a valid session, so ownCloud requires login to access to the "authorization-successful" page even though the client already has a valid token and can access ownCloud from that point.