status code 400 with body No session

[Dr-Blank]

I have openid setup with google and am trying to implement login using dart. I am able to login using the audiobookshelf app, however can not do so when I tried to implement it in dart.

Here is what I did

1. generate a random string (similar to app). make a challenge by hashing using sha256.
2. call 'auth/openid' with code challenge and redirect uri of 'localhost' for testing.
3. I receive the url of google, I save the state from the said url and login with google
4. it gets redirected to localhost as expected with the code and state query params
5. I call 'auth/openid/callback' with the received state, the verifier (random string generated in step 1) and code confirming that the states is indeed the same as before. I also add the header "{cookie: auth_method=openid-mobile}" as received in "set-cookie" response header when auth url was retrieved in step 3.
6. I get status code '400' with body 'No session'

What did I miss? I have looked at the app code and it does the same thing as far as I can tell.

[Sapd]

6. I get status code '400' with body 'No session

You did not pass all the Cookies between the requests. The library which is used in the app does this automatically. For example the cookie connect.sid is important.

[Sapd]

Also one addition: The state-parameter needs to be generated by you (just some random long string). The server generates one if left out for backwards-compatibility, but that is not 100% correct.

See also: https://api.audiobookshelf.org/#oauth2-authorization-request